[ale] testing firegpg with mailman
Jeremy T. Bouse
jeremy.bouse at undergrid.net
Sun Nov 29 10:47:18 EST 2009
Jim Kinney wrote:
> OK all. Michael sent this email to the group with a valid signature
> attached. It went through mailman and is valid as per FireGPG on my
> fedora12/Firefox 3.5.5 system.
>
> Did anyone get this with a bad signature? Please indicate whether your
> mailreader is Gmail/FireGPG, evolution, thunderbird/enigmail, mutt
> w/gpg, etc.
>
The problem hasn't been with FireGPG being able to validate
signatures... It's been validating signatures *sent* using FireGPG that
go through the ALE mailman instance...
So long as the message is signed using anything *except* FireGPG,
mailman is not mangling it and the signatures are then verified. Somehow
FireGPG is handling the issue so the signatures still appear valid; I can
only suppose it's noticing the MIME content headers have been reformatted
and formats them back before verifying.
> On Sat, Nov 28, 2009 at 3:18 PM, Michael H. Warfield <mhw at wittsend.com> wrote:
>
> Jim,
>
> On Sat, 2009-11-28 at 14:23 -0500, Jim Kinney wrote:
> > OK. So Mailman is (maybe) munging the gpg signature. Fixing that will
> > be a challenge if it's caused by signing the wrong sections of the
> > message body.
>
> Something is not right here. I run a mailman site supporting several
> dozen lists and multiple domains (IT-ISAC, ISAC Council, +++) and I
> don't see this problem. We use gpg/pgp all the time on those lists.
> Furthermore, my own signatures through the ALE list seem to be coming
> through fine.
>
> Couple of years ago, I did run into a problem with MailScanner which
> Julian and I took a few days to shoot. In that case, MailScanner was
> unpacking the mime and then repacking it (quoted printable in that case,
> I believe). While the contents of the attachments remained unaltered,
> the encoding encapsulation changed (Mime is ambiguous on several points
> and sometimes MailTools or MimeTools will pack something
> differently than will Evolution or Thunderbird). We had to stipulate
> something in MailScanner where the message was passed unmolested if
> nothing was found untoward in it, rather than repacking it and sending
> it on.
>
> There are a couple of MailScanner Mime settings that could impact this
> but I seriously doubt it.
>
> Try this for a test. Send a message back to me and to the list. Just a
> Reply-All should do just fine. I can do a byte for byte, attachment for
> attachment comparison. Make SURE <mhw at wittsend.com> is on the cc list,
> so I get a direct copy. You should be able to verify my signatures on
> this message the same way. Compare the results from the ALE relay to
> the direct message.
>
> Regards,
> Mike
>
> > What is needed now is to test a gpg signature sent from a plain text
> > (NOT from firegpg) email through mailman. It needs to be tested
> > through both firegpg and regular text email (anyone got a quick link
> > to gpg with mutt?).
> >
> > I sent myself a test message from firegpg to myself and NOT through
> > mailman. firegpg then reported it as a good signature. That leads me to
> > think the issue _is_ with mailman.
> >
> > oh joy. criticizing a gnu codebase ....
> >
> > On Sat, Nov 28, 2009 at 12:41 PM, Jeremy T. Bouse <jeremy.bouse at undergrid.net> wrote:
> > jim.kinney at gmail.com wrote:
> >
> > > This is a simple test of firegpg running on Fedora 12/Firefox 3.5.5
> > >
> > > Please reply with good or bad signature status.
> > >
> >
> >
> > gpg command line and output:
> > /usr/bin/gpg
> > gpg: Signature made Sat 28 Nov 2009 11:04:06 AM EST using RSA key ID 6A87D3C5
> > gpg: BAD signature from "James P. Kinney III (Physicist, Brewer, Dad) <jimkinney at gmail.com>"
> >
> > --
> > James P. Kinney III
> > Actively in pursuit of Life, Liberty and Happiness
> >
> --
> Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
> /\/\|=mhw=|\/\/ | (678) 463-0932 |
> http://www.wittsend.com/mhw/
> NIC whois: MHW9 | An optimist believes we live in the
> best of all
> PGP Key: 0x674627FF | possible worlds. A pessimist is sure
> of it!
>
> --
> James P. Kinney III
> Actively in pursuit of Life, Liberty and Happiness
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
Url : http://mail.ale.org/pipermail/ale/attachments/20091129/1c89cadf/attachment.bin
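
The repacking failure described in the quoted MailScanner anecdote, and the byte-for-byte comparison proposed to diagnose it, shown as an added example that is not part of the original thread. The sample message, the function names, and the use of a SHA-256 digest as a stand-in for the bytes an OpenPGP signature covers are all assumptions made for illustration.

```python
import hashlib
import quopri

# Constructed sample: a MIME part as a sender's mail client might emit it.
# Quoted-printable, with a soft line break ("=" at end of line) in mid-word.
SENT_PART = (
    b"Content-Type: text/plain; charset=UTF-8\n"
    b"Content-Transfer-Encoding: quoted-printable\n"
    b"\n"
    b"Meeting moved to the caf=C3=A9 on 5th; bring your key finger=\n"
    b"prints.\n"
)

def split_part(part):
    """Split a MIME part into (header block, encoded body)."""
    headers, _, body = part.partition(b"\n\n")
    return headers, body

def decoded_payload(part):
    """What the reader sees once the transfer encoding is removed."""
    return quopri.decodestring(split_part(part)[1])

def signed_digest(part):
    """Digest of the bytes a PGP/MIME signature covers: the part as
    transmitted, headers included, with line ends canonicalised to CRLF."""
    canonical = part.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")
    return hashlib.sha256(canonical).hexdigest()

def relay_repack(part):
    """A relay that unpacks the body and re-encodes it with its own encoder."""
    headers, body = split_part(part)
    return headers + b"\n\n" + quopri.encodestring(quopri.decodestring(body))

def first_difference(a, b):
    """Offset of the first differing byte, or None if identical."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))

def compare(sent, received):
    return {
        "content_same": decoded_payload(sent) == decoded_payload(received),
        "signed_bytes_same": signed_digest(sent) == signed_digest(received),
        "first_diff": first_difference(sent, received),
    }

if __name__ == "__main__":
    print("passed through:", compare(SENT_PART, SENT_PART))
    print("repacked:      ", compare(SENT_PART, relay_repack(SENT_PART)))
```

Running the same comparison on a direct copy and a list-relayed copy of one message shows whether the relay altered the signed bytes even though the visible text is unchanged.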