Bugs item #815297, was opened at 2003-09-30 19:42 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=815297&group_id=103 Category: security/privacy Group: 2.1 (stable) Status: Open Resolution: None Priority: 5 Submitted By: Bernhard Reiter (ber) Assigned to: Nobody/Anonymous (nobody) Summary: Breaking signatures in message/rfc822 attachement! Initial Comment: Mailman _must_ not touch MIME-parts which are nested more deeply in the mail. As tested with Mailman 2.1.2, header lines will be sometimes reformatted in message/rfc822 attachments which will break the OpenPGP signature (also conforming to the PGP/MIME standard) on that part. I'm attaching a simple email with on long header. Forward this as MIME part and sign it sending it through Mailman, the signature will be broken. This is an email security affecting bug, because if people start believing that a *BAD* signature does not mean much, because they get many broken by mailman, they will not react to a seriously manipulated email anymore! ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=815297&group_id=103