[Users] [Bug 3019] Messages with inline PGP signature not flagged as signed in the message list

noreply at thewildbeast.co.uk noreply at thewildbeast.co.uk
Sun Oct 20 16:24:21 CEST 2013


--- Comment #8 from Ian Nartowicz <mozilla at virginmedia.com> ---
I did find another issue with inline-signed messages.  Perhaps should be a
separate bug?  The signature should verify that the contents of the message are
as they were when the message was signed, but if extra text is entered on the
blank line between the HASH line and the rest of the message body then it is
still declared to be validly signed.  Changes anywhere else in the message body
result in a bad signature message.  The spec states that changes anywhere
between the start of the HASH line, or the start of the PGP SIGNED line if
there is no HASH line, and the signature should not be tolerated.

You are receiving this mail because:
You are the assignee for the bug.

More information about the Users mailing list