[Top] [All Lists]

Re: Format=Flowed/RFC 2646 Bis (-02)

2003-11-16 17:23:51

Hi Simon,

--On Saturday, November 15, 2003 2:42 +0100 Simon Josefsson <jas(_at_)extundo(_dot_)com> wrote:

| Receive (MIME-aware, PGP aware): CTE decode PGP armor, verify, CTE
|   body, display.

Sorry - but this is a non-starter - you are expecting existing deployed clients to magically change their behaviour to cope with format=flowed inline signed messages. The only way to ensure format=flowed inline signed messages work with existing clients is to use the procedure I outlined (or just not use format=flowed). Yes it is vulnerable to a man-in-the-middle attack but that is true for anything that does not also sign the message headers. A man-in-the-middle that changes text/plain to text/html will result in pretty much the same display 'corruption' without the need to even change the body content, so its not a problem specific to format=flowed.

Cyrus Daboo