From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dkg@fifthhorseman.net>
Received: from localhost (localhost [127.0.0.1])
 by arlo.cworth.org (Postfix) with ESMTP id 805F36DE135E
 for <notmuch@notmuchmail.org>; Tue, 22 Nov 2016 15:08:00 -0800 (PST)
X-Virus-Scanned: Debian amavisd-new at cworth.org
X-Spam-Flag: NO
X-Spam-Score: -0.054
X-Spam-Level: 
X-Spam-Status: No, score=-0.054 tagged_above=-999 required=5
 tests=[AWL=-0.054] autolearn=disabled
Received: from arlo.cworth.org ([127.0.0.1])
 by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id C5ewnjuyTi-7 for <notmuch@notmuchmail.org>;
 Tue, 22 Nov 2016 15:07:59 -0800 (PST)
Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118])
 by arlo.cworth.org (Postfix) with ESMTP id BA1EC6DE135D
 for <notmuch@notmuchmail.org>; Tue, 22 Nov 2016 15:07:59 -0800 (PST)
Received: from fifthhorseman.net (unknown [38.109.115.130])
 by che.mayfirst.org (Postfix) with ESMTPSA id 08986F98C;
 Tue, 22 Nov 2016 18:07:58 -0500 (EST)
Received: by fifthhorseman.net (Postfix, from userid 1000)
 id E76F4201A7; Tue, 22 Nov 2016 18:07:55 -0500 (EST)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Marius Bakke <mbakke@fastmail.com>, notmuch@notmuchmail.org
Subject: Re: T350 test failures with gnupg-2.1.16
In-Reply-To: <87h96zi6ji.fsf@alice.fifthhorseman.net>
References: <87shqj5nha.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me>
 <87h96zi6ji.fsf@alice.fifthhorseman.net>
Date: Tue, 22 Nov 2016 18:07:53 -0500
Message-ID: <87eg23i052.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-BeenThere: notmuch@notmuchmail.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Use and development of the notmuch mail system."
 <notmuch.notmuchmail.org>
List-Unsubscribe: <https://notmuchmail.org/mailman/options/notmuch>,
 <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
List-Archive: <http://notmuchmail.org/pipermail/notmuch/>
List-Post: <mailto:notmuch@notmuchmail.org>
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
List-Subscribe: <https://notmuchmail.org/mailman/listinfo/notmuch>,
 <mailto:notmuch-request@notmuchmail.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Nov 2016 23:08:00 -0000

--=-=-=
Content-Type: text/plain

On Tue 2016-11-22 15:49:37 -0500, Daniel Kahn Gillmor wrote:
> On Tue 2016-11-22 14:22:09 -0500, Marius Bakke wrote:
>> T350-crypto: Testing PGP/MIME signature verification and decryption
>>  PASS   emacs delivery of signed message
>>  FAIL   signature verification
>>         --- T350-crypto.2.expected      2016-11-22 18:59:48.341851653 +0000
>>         +++ T350-crypto.2.output        2016-11-22 18:59:48.341851653 +0000
>>         @@ -11,7 +11,7 @@
>>                                          "id": 2
>>                                      },
>>                                      {
>>         -                                "content-length": 280,
>>         +                                "content-length": 312,
>>                                          "content-type": "application/pgp-signature",
>>                                          "id": 3
>>                                      }
>
> If you could get me a copy of the actual application/pgp-signature part,
> i'd be interested in looking at it.  Unlike bremner, i'm actually able
> to duplicate this problem on debian sid, so i'll see what i can figure
> out.

OK, the difference here is that 2.1.16 is automatically including the
full OpenPGP v4 fingerprint in the message signature.  This is part of
the ongoing discussion around revisions to the OpenPGP standard, and it
makes it easier for a mail user agent to tell whether it's missing the
key for verification or whether the signature is just bad.

so the length of the signature is extended by about 23 octets (1 octet
of subpacket length; 1 octet of subpacket type, 1 octet of fpr versio
number, and 20-octets of fingerprint), which becomes about 32 octets
after base64 encoding, hence the increase in content-length from 280 to
312 octets.

As for how to fix it -- i guess the right thing would be to make that
number variable -- as long as the signature is non-zero and it
validates, i think it'd be fine.

           --dkg

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEE7bLnT1b88rZyl7c1JOz/Wv9oNwoFAlg0z8lfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEVE
QjJFNzRGNTZGQ0YyQjY3Mjk3QjczNTI0RUNGRjVBRkY2ODM3MEEACgkQJOz/Wv9o
Nwr19w//QineT/b41ibrGBlSbSm/HrFKj+x6G3X+uSjFsY0TfWx4wvjEWqUrsf3O
JT/ylCsZNPQtkhSeZfFzJ6+LXv+WjMAEtn6q0acd1GS7zEmmFS1fLBcJjYYggZ7i
g3oLDs5dbSEHIzGAc/+H//d0Ak8c1c3XgHI/gnLyeW1PUcZtQu1DH6JXFPaSBi41
HItG9T5cBLef1E9YkXIDL+W08Bo+Pf/IpeKFbO7ACqUobsE+qgrjPlyCi/BlPrv/
Ek7L60SC0YXpgjK7d02ZPxmYIeFb7nUn3hJJtwjMz6uF2kl6yimi7Xg3Rt6k7kxJ
WGFgNj4NTHYLhz7lBQatBezj6x5p1r2zl/nDbaZ9xW4ccaAW2yK4igps923aU49R
dhnlKRvxdQwmViAfoov9v0mh5PrIiBH9WEGYaSHmxe8bVxyfpmbeoXzN8WUS+rjE
AnPH9EW6OYVgCDSDbx09aeMtfVveT8/0lHuJQjWW5ZMO+oqALipgIYe2PPyMOAZ1
fNL4DMuj9QT7b98X1yndTAbLXyULqUl/9zyhmsHYbmej/VblpbGAniK56q2sfQN9
vgng0IVN86p8b5KO6c61BzcwfhPGtXBMn+SzxZOywrLJRpjfFN6lS2VKlVzBZQvH
v4DQREYIS06mN3pgomIqzDG+l6o+fSzIKXLS6vanmrf+/5osMf0=
=fWjJ
-----END PGP SIGNATURE-----
--=-=-=--