[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: extra dashes in PGP-related blocks?
-----BEGIN PGP SIGNED MESSAGE-----
To: [email protected] (Andrew Brown)
cc: [email protected] (Jonathan Rochkind), [email protected]
Subject: Re: extra dashes in PGP-related blocks?
> but is a remailer (or pgp) smart enough to take the output from checking
> a signature and run pgp over it again? is it going to know to take something
> and pass it through pgp until pgp can't do anything with it any more? i think
> that's the problem that jrochkin was addressing. he has a pgp encrypted
> message and then signs it and then wants to mail it to a remailer so that the
> remailer can decrypt the message but it won't ecause the encryption is
> nested...
Why would it have to? A plain remailer takes the input you give it,
and replays it to the output. It doesn't modify the message in any
way, so there is no problem.
A remailer that signs a message should take what you send it (no
matter _HOW_ you sent it), sign that message wholesale, and then send
out the signed message. This means that if you send it a PGP-signed
message, the output message will have two signatures -- the outer
signature being the signing remailer, and the inner signature (which
is quoted by PGP at the remailer) is the signature on the original
message.
This is the correct behavior, and _SHOULD NOT_ be changed.
An anonymizing remailer _might_ want to take the output of a PGP
message and pass that into the output, but that is a different
function altogether.
I dont understand why a plain remailer should have to know anything
about PGP if it is just doing remailing, and in any case it should
never have to verify a PGP-signed message, unless that is the purpose
of the remailer. And even if that IS the case, it should only unwrap
the OUTERMOST wrapping from PGP -- it *SHOULD NOT* recursively try to
collapse the PGP armors. That is NOT a remailer's job.
- -derek
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQBuAwUBLuzSYzh0K1zBsGrxAQGR3gLDBxPn9cmWWvWwyRdlcYUlRs5LqMHjMkRa
lmOggyb2QmFS1+vEqJ2a1oUxdLJHzNcH4JxjBplDKASmG19Ixvkt1nIjkwGi3yzN
J02drrVGYJqs426qnQhxI8E=
=B6In
-----END PGP SIGNATURE-----