[ale] [SPAM] again... sorry, please ignore

Jeremy T. Bouse jeremy.bouse at undergrid.net
Fri Nov 27 12:50:07 EST 2009


Jeremy T. Bouse wrote:
> Tim Watts wrote:
>> Thanks Jim.
>>
>> I wonder if "wrong sig" == "invalid sig"? I did use my @earthlink key
>> (A394BC7A) on a message sent from my @gmail account. That would, I
>> guess, indicate a "wrong sig" as opposed to an invalid sig (the msg
>> content and sig block don't agree).
>>
>> What got me digging into this is that your previous message showed up
>> with an "invalid signature". So I tried a few things with my earthlink &
>> gmail accounts using the A394BC7A key:
>>
>> elink account -> ALE via evolution	: good verify
>> gmail account -> ALE via evolution	: good verify
>> gmail account -> elink via evolution	: good verify
>> gmail account -> elink via gmail/firegpg: good verify
>> gmail account -> ALE via gmail/firegpg	: BAD verify
>>
>> So it looks like the (fireGPG + ALE list) combo invalidates GPG sigs.
>> The sig on this message should not be invalid (sent signed using
>> evolution). I noticed Brandon's signed msgs on the list a few days ago
>> also were invalidated but I couldn't tell what tool he was using.
>>
>> Any ideas what could be causing this?
>>
>>
>>
>> On Fri, 2009-11-27 at 11:13 -0500, Jim Kinney wrote:
>>> My firegpg says "wrong sig". Double check you have the correct sig as
>>> default.
>>>
>>> On Fri, Nov 27, 2009 at 10:30 AM, <timtwatts at gmail.com> wrote:
>>>         trying to isolate why some ALE sigs report as invalid. sending
>>>         via gmail/firegpg...
>>>         
> 
> 	The use of one key with a different email address should have no
> bearing on the signature validity. The signature is based on the key ID
> that generates it not the email address that sends it.
> 
> 	I'm not sure if this is definitive... but when I look at the raw
> messages (free from any MUA) I see the following for the email you sent
> w/ Gmail/FireGPG:
> 

[snip]

> 	The problem appears to be in that the Gmail/FireGPG email is base64
> encoded. It also looks like it's sending text/plain & text/html while
> Evolution is only sending text/plain.
> 
> 	It is always advisable that you use text/plain and disable text/html
> when using PGP/MIME. I turn off text/html for Thunderbird/Enigmail. As
> you say you can send to your elink acct via Gmail/FireGPG I would assume
> that the ALE list is seeing the text/plain+text/html PGP/MIME and
> possibly base64 encoding it. You could verify this by ensuring that the
> email you sent from Gmail to your elink acct that verified good isn't
> base64 encoded. You can also possibly check your Gmail sent folder and
> look at the raw message to see if the one you sent to ALE is base64
> encoded or not. If it's not base64 when being sent then it's being done
> by the ALE list software.
> 
	I just did some testing and sent myself email w/ gmail/firegpg to my
personal acct. I sent one in rich text and one in plain text. In both
cases FireGPG base64 encoded the messages and in both cases
Thunderbird/Enigmail was able to verify the signature as valid. So it is
looking more and more like the ALE list software does not like the base64
encoded PGP/MIME email and is doing something to change it that
invalidates the signature.

	The other option to try is sending to the ALE list using an inline
signature vs. PGP/MIME with gmail/firegpg and seeing if it goes through
without invalidating the signature.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 306 bytes
Desc: OpenPGP digital signature
Url : http://mail.ale.org/pipermail/ale/attachments/20091127/0aa00df0/attachment.bin 
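
The comparison suggested in the message above (raw sent copy against the copy the list delivered), as an added example that is not part of the original post: it extracts the exact bytes a PGP/MIME signature covers and reports whether they were re-encoded in transit. The sample messages are constructed, and the 7bit rewrite in `LIST_COPY` is an assumed transformation, not observed ALE list behaviour.

```python
import base64
import hashlib
import re
from email import message_from_bytes


def signed_part(raw: bytes) -> bytes:
    """Bytes a PGP/MIME signature covers: the first body part of
    multipart/signed, MIME headers included, with CRLF line endings."""
    msg = message_from_bytes(raw)
    if msg.get_content_type() != "multipart/signed" or not msg.get_boundary():
        raise ValueError("not a multipart/signed message")
    delim = b"\r\n--" + msg.get_boundary().encode("ascii")
    pieces = re.sub(rb"\r?\n", b"\r\n", raw).split(delim)
    if len(pieces) < 3:
        raise ValueError("signed part or signature part missing")
    # The CRLF before a delimiter belongs to the delimiter (RFC 2046), so only
    # the remainder of the opening delimiter line has to be dropped.
    return pieces[1].split(b"\r\n", 1)[1]


def fingerprint(raw: bytes):
    """(transfer encodings of the signed leaf parts, SHA-256 of signed bytes)."""
    part = signed_part(raw)
    leaves = [p for p in message_from_bytes(part).walk() if not p.is_multipart()]
    ctes = [p.get("Content-Transfer-Encoding", "7bit").lower() for p in leaves]
    return ctes, hashlib.sha256(part).hexdigest()


def compare(sent: bytes, received: bytes) -> str:
    (s_cte, s_hash), (r_cte, r_hash) = fingerprint(sent), fingerprint(received)
    if s_hash == r_hash:
        return "unchanged"
    if s_cte != r_cte:
        return f"re-encoded: {s_cte} -> {r_cte}"
    return "modified"


def build(part: bytes) -> bytes:  # constructed sample message, placeholder signature
    return (b'Content-Type: multipart/signed; micalg=pgp-sha1;\n'
            b' protocol="application/pgp-signature"; boundary="b1"\n\n--b1\n'
            + part + b'\n--b1\nContent-Type: application/pgp-signature\n\n'
            b'(signature placeholder)\n--b1--\n')


HDR = b"Content-Type: text/plain; charset=UTF-8\nContent-Transfer-Encoding: "
SENT = build(HDR + b"base64\n\n" + base64.b64encode(b"test message\n"))
LIST_COPY = build(HDR + b"7bit\n\ntest message")  # assumed list rewrite

if __name__ == "__main__":
    print(compare(SENT, SENT.replace(b"\n", b"\r\n")))  # line endings only
    print(compare(SENT, LIST_COPY))
```

A line-ending change alone leaves the signed bytes identical after canonicalisation, while a transfer-encoding change alters them even though the decoded text is the same.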

