[Djigzo users] [OT] Invalid signature because of "Content-Transfer-Encoding: 8bit"

Martijn Brinkers martijn at djigzo.com
Wed Apr 20 15:33:54 CEST 2011


> today i got a mail fro a well known German Trustcenter with a invalid
> signature warning (content altered). A former mail to an other account
> from the same Trustcenter was valid. On inspection it looks like someone
> altered the encoding because the valid mail has
> "Content-Transfer-Encoding: 8bit" and the broken one
> "Content-Transfer-Encoding: quoted-printable". As far as i know a SMTP
> server should only pass 8bit if the remote site announces 8BITMIME, so i
> suspect this is the trouble maker because neither Djigzo nor our Virus
> scan announces 8BITMIME :-(
> 
> Any comments on this?

The application that added the signature is not RFC 3851 compliant.
before signing a message the mail agent should convert 8bit mime bodies
to 7bit. This is important because if SMTP sees that a server does not
support 8bit, it should convert the message to 7bit. Because of this
conversion the message has been changed and therefore the signature is
no longer valid. So the trouble maker is the application that signed the
message :). The problem is that there is not much you can do. In
principle you can disable the conversion from 8bit to 7bit in your own
gateway (not that I recommend that ;) but you cannot control other
intermediate gateways.

Kind regards,

Martijn

-- 
Djigzo open source email encryption
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3398 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.ciphermail.com/pipermail/users/attachments/20110420/e2b28df3/attachment-0001.p7s>


More information about the Users mailing list