[Evolution] Evolution + GPG + MailScanner = Bad Juju...

Michael H. Warfield mhw at wittsend.com
Thu Jan 26 22:21:41 GMT 2006


On Thu, 2006-01-26 at 15:56 -0500, Jeffrey Stedfast wrote:
> On Thu, 2006-01-26 at 15:53 -0500, Michael H. Warfield wrote:
> > On Thu, 2006-01-26 at 15:44 -0500, Jeffrey Stedfast wrote:
> > > On Thu, 2006-01-26 at 15:00 -0500, Michael H. Warfield wrote:

	:

> > > > 	1) Why must we be adding extraneous CR on text messages?  Is this
> > > > REALLY necessary?
> > > 
> > > Yes. From rfc3156:
> > > 
> > >    When the OpenPGP digital signature is generated:
> > > 
> > >    (1)   The data to be signed MUST first be converted to its content-
> > >          type specific canonical form.  For text/plain, this means
> > >          conversion to an appropriate character set and conversion of
> > >          line endings to the canonical <CR><LF> sequence.
> > 
> > > This is what Evolution does.

> > 	Ok...  I'll concede that point.  Then what about the signing mode, text
> > vs binary.  We're still broken here.

> How so? The only difference between text and binary mode is the
> canonical CRLF endings, and, guess what, Evolution converts to CRLF. So
> no problem there.

	Oh crap...  Wait a minute...  There is something else that's been
staring me in the face here, all along.  There's a difference in the
Mime quoted printable encoding.  I wasn't paying close enough attention
to that, rather than the text it was encoding.

	On the messages that result in a "good signature" (saved in the "sent"
mailbox) I looked closely at the lines and the encoding...

	What I see is something like this:

--=20^M
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com^M

	Now...  Looking at the message which has passed through MailScanner, I
see those same two lines as this:

--=20=0A=
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com=0A=

	So, in the former case, the Mime quoted printable has the CR's as real
CR's (^M) and in the latter case the quoted printable has the CR's as
quoted printable CRs (=0A).  Not good.

	So that's what's really causing the problem.  It's the difference in
encoding...  The messages are identical other than that encoding
difference.  The signature is on the encoded Mime part.  That's a more
serious discrepancy than merely text vs binary.  My bad for not looking
closer at the Mime encoding itself and thinking it was just an issue
with the text format itself.

	Which is correct?  Obviously the signature was generated with the ^M in
the encoded Mime part and won't match if it's encoded with =0A even
though they should be equivalent from a quoted printable standpoint.  If
they're both "correct", they have to, at least, agree in order to get the
signature to verify.

	Obviously there IS a problem here with MailScanner re-encoding those
parts.  That's modifying that attachment and breaking the signature.

	Someone with MailScanner want to jump in on this?  Ball's in your court
now...

	Mike

> > > -- 
> > > Jeffrey Stedfast
> > > Evolution Hacker - Novell, Inc.
> > > fejj at ximian.com  - www.novell.com
> > 
> > 	Mike
> -- 
> Jeffrey Stedfast
> Evolution Hacker - Novell, Inc.
> fejj at ximian.com  - www.novell.com

	Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!
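
Added example, not part of the original post or of Evolution or MailScanner: a small Python check that separates "the part was re-encoded in transit" from "the text was changed", for the case described above where the signature covers the encoded MIME part. The sample bytes are constructed to mirror the two renderings quoted in the post, and the function names are hypothetical.

```python
import hashlib
import quopri

# Constructed sample: the same two text lines in the two quoted-printable
# renderings the post shows. SENT has literal CRLF line ends; RESCANNED has
# the line break encoded as =0A followed by a soft line break ("=").
SENT = b"--=20\r\nExample Sender | example.org\r\n"
RESCANNED = b"--=20=0A=\nExample Sender | example.org=0A=\n"


def octet_digest(encoded_part: bytes) -> str:
    """SHA-256 of the part exactly as it sits in the message (what is signed)."""
    return hashlib.sha256(encoded_part).hexdigest()


def canonical_text(encoded_part: bytes) -> bytes:
    """Decode quoted-printable, then normalise every line ending to CRLF."""
    decoded = quopri.decodestring(encoded_part)
    return decoded.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")


def diagnose(sent: bytes, received: bytes) -> str:
    """Classify how a received signed part differs from the copy that was sent."""
    if sent == received:
        return "identical"
    if canonical_text(sent) == canonical_text(received):
        return "re-encoded"      # same text, different octets: signature breaks
    return "content-changed"     # the decoded text itself differs


if __name__ == "__main__":
    print("sent     ", octet_digest(SENT))
    print("rescanned", octet_digest(RESCANNED))
    print("verdict  ", diagnose(SENT, RESCANNED))
```

A "re-encoded" verdict on a message whose signature fails points at a relay that rewrote the transfer encoding rather than at tampering with the text.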
