[ale] testing firegpg with mailman
Jeremy T. Bouse
jeremy.bouse at undergrid.net
Sat Nov 28 16:06:30 EST 2009
Michael H. Warfield wrote:
> Jim,
>
> On Sat, 2009-11-28 at 14:23 -0500, Jim Kinney wrote:
>> OK. So Mailman is (maybe) munging the gpg signature. Fixing that will
>> be a challenge if it's caused by signing the wrong sections of the
>> message body.
>
> Something is not right here. I run a mailman site supporting several
> dozen lists and multiple domains (IT-ISAC, ISAC Council, +++) and I
> don't see this problem. We use gpg/pgp all the time on those lists.
> Furthermore, my own signatures through the ALE list seem to be coming
> through fine.
>
I've been sending gpg signed messages through Thunderbird using
Enigmail without problems. Further I've sent emails to myself from Gmail
using FireGPG and the signature was come through fine. I just hadn't
sent anything to the list from my Gmail account and using FireGPG.
As I noted though FireGPG was base64 encoding the messages themselves
along with the MIME encoding so I don't know if it's that combination
that's causing a problem for the ALE mailing list software. It has been
isolated to email sent via FireGPG though it seems. Whether the fix
should be found in the mailing list software or FireGPG itself could
probably be debated in great length.
> Couple of years ago, I did run into a problem with MailScanner which
> Julian and I took a few days to shoot. In that case, MailScanner was
> unpacking the mime and then repacking it (quoted printable in that case,
> I believe). While the contents of the attachments remained unaltered,
> the encoding encapsulation changed (Mime is ambiguous on several points
> and something time MailTools or MimeTools will pack something
> differently than will Evolution or Thunderbird). We had to stipulate
> something in MailScanner where the message was passed unmolested if
> nothing was found untoward in it, rather than repacking it and sending
> it on.
>
> There are a couple of MailScanner Mime settings that could impact this
> but I seriously doubt it.
>
If anything running on the ALE mail server that would affect mail going
through the list could be a cause. If it's not repacking the message
back exactly as it was received this would invalidate the signature very
easily...
> Try this for a test. Send a message back to me and to the list. Just a
> Reply-All should do just fine. I can do a byte for bye, attachment for
> attachment comparison. Make SURE <mhw at wittsend.com> is on the cc list,
> so I get a direct copy. You should be able to verify my signatures on
> this message the same way. Compare the results from the ALE relay to
> the direct message.
>
> Regards,
> Mike
>
>> What is needed now is to test a gpg signature sent from a plain text
>> (NOT from firegpg) email through mailman. It needs to be tested
>> through both firegpg and regular text email (anyone got a quick link
>> to gpg with mutt?).
>>
>> I sent myself a test message from firegpg to myself and NOT through
>> mailman. firgpg then reported it as a good signature. That leads me to
>> think the issue _is_ with mailman.
>>
>> oh joy. criticizing a gnu codebase ....
>>
>> On Sat, Nov 28, 2009 at 12:41 PM, Jeremy T. Bouse
>> <jeremy.bouse at undergrid.net> wrote:
>> jim.kinney at gmail.com wrote:
>>
>> > This is a simple test of firegpg running on Fedora
>> 12/Firefox 3.5.5
>> >
>> > Please reply with good or bad signature status.
>> >
>>
>>
>> gpg command line and output:
>> /usr/bin/gpg
>> gpg: Signature made Sat 28 Nov 2009 11:04:06 AM EST using RSA
>> key ID
>> 6A87D3C5
>> gpg: BAD signature from "James P. Kinney III (Physicist,
>> Brewer, Dad)
>> <jimkinney at gmail.com>"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
Url : http://mail.ale.org/pipermail/ale/attachments/20091128/7dda51ea/attachment.bin
More information about the Ale
mailing list