Tony Capel wrote:
> 2) I have found that clear-signing often fails with messages going from
> one organization to another and it has not always been clear why.

I can give you a good reason why: certain Microsoft mail applications (i.e.
Outlook) make no effort to escape "From" if it appears at the beginning of a
line. However, when that message leaves the organization and lands at a
*NIX mail server, the mail server is inserting the ">" because of settings
in Sendmail or Exim.

My experience has been that non-MS mail applications (Netscape Messenger,
Thunderbird, Eudora) do a good job of escaping "From" when sending. MS
Exchange has no option to escape "From" upon receipt.

I agree with Blake that there is already a recommendation in the document
that "additional steps are recommended to defend against known corruptions
that can occur during mail transport that are of particular importance
for clear-signing using the multipart/signed format." I also
want people to understand that this is a prevalent problem, and anything we
can add to reduce the likelihood of occurrence is a good thing. The
suggestion to use quoted-printable encoding for messages which have "From"
at the beginning of the line appears nowhere other than the sample message
in 3.1.4--which is easily ignored.

Thanks,
--Peter
+---------------------------------------------------------------+
| Peter Hesse pmhesse(_at_)geminisecurity(_dot_)com |
| Phone: (703)934-2031 Gemini Security Solutions, Inc. |
| ICQ: 1942828 www.geminisecurity.com |
+---------------------------------------------------------------+
"Pay no attention to what the critics say; there has never been
a statue set up in honor of a critic." --Jean Sibelius
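
The corruption described in the message above, as an added example that is not part of the original post: a Python model in which a receiving server prefixes ">" to a line starting with "From ", which changes the digest a clear-signed part depends on, while a quoted-printable encoded part passes through unchanged. The function names, the sample body, the SHA-256 digest standing in for the signature check, and the choice to encode the leading "F" as `=46` are all assumptions made for the illustration.

```python
import hashlib
import quopri
import re

# Constructed sample body of the signed MIME part (LF line endings for brevity).
BODY = (b"Hi Tony,\n"
        b"From what I can see, the signature breaks in transit.\n"
        b"Regards\n")

FROM_LINE = re.compile(rb"^From ", re.MULTILINE)

def mbox_escape(entity: bytes) -> bytes:
    """Model of the receiving server: prefix '>' to lines starting 'From '."""
    return FROM_LINE.sub(b">From ", entity)

def digest(entity: bytes) -> str:
    """Stand-in for the message digest that the detached signature covers."""
    return hashlib.sha256(entity).hexdigest()

def survives_transport(entity: bytes) -> bool:
    """True if the digest taken at signing time still matches on arrival."""
    return digest(mbox_escape(entity)) == digest(entity)

def risky_lines(entity: bytes) -> list[int]:
    """1-based numbers of lines a pre-signing check should flag."""
    return [n for n, line in enumerate(entity.split(b"\n"), 1)
            if line.startswith(b"From ")]

def qp_protect(entity: bytes) -> bytes:
    """Quoted-printable encode, writing a line-initial 'F' of 'From ' as =46."""
    return FROM_LINE.sub(b"=46rom ", quopri.encodestring(entity))

if __name__ == "__main__":
    print("lines at risk:", risky_lines(BODY))
    print("plain body survives:", survives_transport(BODY))
    protected = qp_protect(BODY)
    print("QP body survives:", survives_transport(protected))
    print("decodes to original:", quopri.decodestring(protected) == BODY)
```

In this model the signature is computed over the encoded form, so the recipient verifies first and decodes the quoted-printable body afterwards.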