Hi Simon,
--On Saturday, November 15, 2003 2:42 +0100 Simon Josefsson
<jas(_at_)extundo(_dot_)com> wrote:
| Receive (MIME-aware, PGP aware): CTE decode PGP armor, verify, CTE
| body, display.
Sorry - but this is a non-starter - you are expecting existing deployed
clients to magically change their behaviour to cope with format=flowed
inline signed messages. The only way to ensure format=flowed inline signed
messages work with existing clients is to use the procedure I outlined (or
just not use format=flowed). Yes it is vulnerable to a man-in-the-middle
attack but that is true for anything that does not also sign the message
headers. A man-in-the-middle that changes text/plain to text/html will
result in pretty much the same display 'corruption' without the need to
even change the body content, so its not a problem specific to
format=flowed.
--
Cyrus Daboo