In <2147483647(_dot_)1068836160(_at_)[10(_dot_)0(_dot_)1(_dot_)5]> Cyrus Daboo
<daboo(_at_)cyrusoft(_dot_)com> writes:
A non-format=flowed aware client, when processing a received format=flowed
message, will first do CTE decoding and then display the message.
Verification of the signature will then be done on the unflowed text (i.e.
with trailing spaces and CRLFs etc).
No, that will not do, because mail clients, generally speaking, do not do
PGP verification (whether inline or PGP/MIME). What usually happens is
that the user takes the signed text displayed on his screen, and verifies
it by a separate process. This usually starts by copying it all to the
Clipboard, and then passing the Clipboard to some verifier.
Which raises another issue. Mail clients which support format=flowed
SHOULD put the original (unflowed) version of the text onto the Clipboard.
IOW, you should be able to take the displayed text, put it into the
clipboard (or dran'n'drop it), and plonk it into another (format=flowed
aware) window, and it should automagically appear reflowed to suit the new
window.
Thus a format=flowed aware client that generates a message would first wrap
the text doing flow, then do the PGP signature, and then do CTE encoding.
That is the only way to work with non-aware clients.
Yes, except that it should still work, modulo malicious changes to the
line endings, even if the CTE stage is omitted.
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133 Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave,
CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5