6.0.0-alpha12
6/9/25

[#3481] Allow both PGP and/or S/MIME verification
Summary Allow both PGP and/or S/MIME verification
Queue IMP
Queue Version HEAD
Type Enhancement
State Rejected
Priority 1. Low
Owners
Requester selsky (at) columbia (dot) edu
Created 02/15/2006 (7054 days ago)
Due
Updated 03/02/2006 (7039 days ago)
Assigned
Resolved 03/02/2006 (7039 days ago)
Milestone
Patch No

History
03/02/2006 06:29:19 PM Matt Selsky Comment #6 Reply to this comment
That was it.  Thanks.
03/02/2006 06:24:16 PM Michael Slusarz Comment #5
State ⇒ Rejected
Reply to this comment
You don't have the PGP option 'Should the body of text/plain messages 
be scanned for PGP data?' selected then.  The PGP signature 
information is not PGP/MIME compliant so it won't happen unless that 
option is set.  This message verifies successfully with both protocols 
in HEAD.
03/02/2006 06:05:11 PM Matt Selsky Comment #4
New Attachment: Advisory_ Internet Explorer Drag and Drop Redeux _CVE-2005-3240_ _fwd.eml Download
Reply to this comment
Mutt verifies this message using both PGP and S/MIME.
03/02/2006 05:32:33 AM Michael Slusarz Comment #3
State ⇒ Feedback
Reply to this comment
no email client can handle a PGP and smime signed message - it makes
no sense at all - if you do multiple signing it has to be either PGP
or SMIME not both
I share the same concerns.  According to the RFCs, any 
multipart/signed part must contain a 'protocol' parameter.  And this 
protocol parameter must be either PGP or S/MIME, not both.  The only 
example I can think of would be as follows:



multipart/signed - PGP

   [pgp header data]

   multipart/signed - SMIME encryption

     [data]

   [end] multipart/signed - SMIME

[end]



this message would be completely pointless since there is no reason to 
encrypt an already encrypted message (or sign an already signed 
message, etc.)  Anyway, if we can't handle this data then this is an 
issue e.g. Bug 1866 anyway.
03/01/2006 11:08:15 PM harakiri_23 (at) yahoo (dot) com Comment #2 Reply to this comment
no email client can handle a PGP and smime signed message - it makes 
no sense at all - if you do multiple signing it has to be either PGP 
or SMIME not both
02/15/2006 01:33:54 AM Matt Selsky Comment #1
State ⇒ New
Priority ⇒ 1. Low
Type ⇒ Enhancement
Summary ⇒ Allow both PGP and/or S/MIME verification
Queue ⇒ IMP
Reply to this comment
If a message is signed with both S/MIME and PGP, the user is only 
given the option of verifying the message using S/MIME.  PGP 
verification should be done as well.

Saved Queries