From: Daniel Kahn Gillmor
To: Marius Bakke, notmuch@notmuchmail.org
Subject: Re: T350 test failures with gnupg-2.1.16
Date: Tue, 22 Nov 2016 18:07:53 -0500

On Tue 2016-11-22 15:49:37 -0500, Daniel Kahn Gillmor wrote:
> On Tue 2016-11-22 14:22:09 -0500, Marius Bakke wrote:
>> T350-crypto: Testing PGP/MIME signature verification and decryption
>> PASS emacs delivery of signed message
>> FAIL signature verification
>> --- T350-crypto.2.expected 2016-11-22 18:59:48.341851653 +0000
>> +++ T350-crypto.2.output 2016-11-22 18:59:48.341851653 +0000
>> @@ -11,7 +11,7 @@
>> "id": 2
>> },
>> {
>> - "content-length": 280,
>> + "content-length": 312,
>> "content-type": "application/pgp-signature",
>> "id": 3
>> }
>
> If you could get me a copy of the actual application/pgp-signature part,
> i'd be interested in looking at it. Unlike bremner, i'm actually able
> to duplicate this problem on debian sid, so i'll see what i can figure
> out.

OK, the difference here is that 2.1.16 is automatically including the
full OpenPGP v4 fingerprint in the message signature. This is part of
the ongoing discussion around revisions to the OpenPGP standard, and it
makes it easier for a mail user agent to tell whether it's missing the
key for verification or whether the signature is just bad.

so the length of the signature is extended by about 23 octets (1 octet
of subpacket length; 1 octet of subpacket type, 1 octet of fpr version
number, and 20-octets of fingerprint), which becomes about 32 octets
after base64 encoding, hence the increase in content-length from 280 to
312 octets.

As for how to fix it -- i guess the right thing would be to make that
number variable -- as long as the signature is non-zero and it
validates, i think it'd be fine.

--dkg
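
Review bot: the expectation in the @@ -11,7 +11,7 @@ hunk pins "content-length": 280 for the application/pgp-signature part (id 3), so the comparison breaks whenever the signing tool emits a signature of a different size, as the 312 in the actual output shows. Normalize or mask that one field for part 3 before the comparison and check only that it is present and non-zero, leaving the rest of the expected structure as it is.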
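
The size arithmetic from the message above, as an added example that is not part of the original message or of notmuch's test suite: it walks the hashed subpacket area of a v4 signature packet body, looks for the Issuer Fingerprint subpacket, and measures what that subpacket adds in raw octets and in base64 characters. The subpacket type number 33 comes from the OpenPGP specification rather than from the message; the fingerprint and the sample packet (with a filler MPI that is not a real signature) are constructed for the illustration, and armor line breaks and the checksum line are not counted.

```python
import base64
import struct

ISSUER_FPR = 33         # Issuer Fingerprint subpacket type (not named in the message)
FPR = bytes(range(20))  # constructed 20-octet fingerprint, not a real key

def subpackets(area):
    """Yield (type, data) for each subpacket in a v4 subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:        # one-octet length
            n, i = first, i + 1
        elif first < 255:      # two-octet length
            n, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                  # five-octet length: 0xFF then 4 octets
            n, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if n == 0 or i + n > len(area):
            raise ValueError("malformed subpacket length")
        yield area[i] & 0x7F, area[i + 1:i + n]  # mask the critical bit
        i += n

def issuer_fingerprint(sig_body):
    """Return the hex issuer fingerprint from the hashed area, or None."""
    if len(sig_body) < 6 or sig_body[0] != 4:
        raise ValueError("not a v4 signature packet body")
    (hashed_len,) = struct.unpack(">H", sig_body[4:6])
    area = sig_body[6:6 + hashed_len]
    if len(area) != hashed_len:
        raise ValueError("truncated hashed subpacket area")
    for sp_type, data in subpackets(area):
        if sp_type == ISSUER_FPR and len(data) == 21 and data[0] == 4:
            return data[1:].hex().upper()
    return None

def sample_sig_body(fpr=None):
    """Constructed v4 signature body; the MPI is filler, not a signature."""
    hashed = b"" if fpr is None else bytes([22, ISSUER_FPR, 4]) + fpr
    hashed += bytes([5, 2]) + struct.pack(">I", 1479856073)  # creation time
    unhashed = bytes([9, 16]) + bytes(8)                      # issuer key ID
    mpi = struct.pack(">H", 256) + b"\xaa" * 32
    return (bytes([4, 0x01, 1, 10]) + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed + b"\x12\x34" + mpi)

def growth(fpr=FPR):
    """Octets and base64 characters added by the fingerprint subpacket."""
    old, new = sample_sig_body(), sample_sig_body(fpr)
    return (len(new) - len(old),
            len(base64.b64encode(new)) - len(base64.b64encode(old)))
```

Depending on how the packet length falls relative to base64's 3-octet groups, 23 extra octets encode to 28 or 32 extra characters; the constructed sample lands on 32.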