One problem in this implementation is authentication of the original
sender. The server removes the original sender's signature attached to an
encrypted message when replacing an original message with the re-encrypted
message. This is because the PGP decrypt program, pgpv, strips the signature
when it decrypts the message.
Many people advised me about this issue. Thanks, everyone.
I think that the best way is modifying pgpv to stop the decryption process
after finding an encrypted message and re-encrypting the message with the
Is this modification easy?
Another problem is conformance to the OpenPGP/MIME specification proposed by
K.Yamamoto[OpenPGP/MIME]. For example, if an original message is using the
'Encrypted-then-Signed' service, the current implementation replaces the
inner multipart/encrypted MIME object and this makes it impossible to verify
the signature in the outer multipart/signed MIME object.
I think that this issue requires defining standard processes for this kind of
mailing list agent.
I mean, for example, if a signed-then-encrypted message is posted to a
mailing list, the mailing list agent should decrypt and re-encrypt to the
members, then the agent may sign it. Or, if an encrypted-then-signed
message, the agent can eliminate the signature and decrypt & re-encrypt, and
In S/MIME, an I-Draft, "Enhanced Security Services for S/MIME" describes
secure mailing list services and defines the standard process of mailing
list agents. We need definitions like it for OpenPGP, don't we?

--hiro
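
The 'Encrypted-then-Signed' case described in the message above, as an added example that is not part of the original post or of the implementation it discusses: it classifies a message by its outer MIME structure and shows that replacing the inner multipart/encrypted ciphertext changes the bytes covered by the outer multipart/signed part. The sample message, the function names, and the use of a SHA-256 digest in place of real PGP signature verification are assumptions made for illustration.

```python
import hashlib
from email import message_from_string

# Constructed sample: an Encrypted-then-Signed post (multipart/signed, RFC 1847).
SAMPLE = """\
Content-Type: multipart/signed; boundary="sig"; protocol="application/pgp-signature"

--sig
Content-Type: multipart/encrypted; boundary="enc"; protocol="application/pgp-encrypted"

--enc
Content-Type: application/pgp-encrypted

Version: 1
--enc
Content-Type: application/octet-stream

CIPHERTEXT-FOR-LIST-KEY
--enc--
--sig
Content-Type: application/pgp-signature

SIGNATURE-PLACEHOLDER
--sig--
"""

def classify(raw):
    """Name the service from the outer MIME structure alone."""
    msg = message_from_string(raw)
    top = msg.get_content_type()
    if top == "multipart/signed":
        inner = msg.get_payload(0).get_content_type()
        return "encrypted-then-signed" if inner == "multipart/encrypted" else "signed"
    if top == "multipart/encrypted":
        return "encrypted"  # a signature, if any, is inside the ciphertext
    return "other"

def signed_digest(msg):
    """Assumption: SHA-256 of the first body part stands in for the PGP check."""
    return hashlib.sha256(msg.get_payload(0).as_bytes()).hexdigest()

def outer_signature_survives(raw, new_ciphertext):
    """Swap the inner ciphertext as the list agent does, then compare digests."""
    msg = message_from_string(raw)
    before = signed_digest(msg)
    msg.get_payload(0).get_payload(1).set_payload(new_ciphertext)
    return before == signed_digest(msg)
```

A list agent can run a check like `classify` before re-encrypting, so that it knows an outer signature exists and will no longer verify once the inner part is replaced.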