Mailing List Archive: Open PGP signatures on Thunderbird

Hello list,

I recently configured Thunderbird to digitally sign my emails using my
GnuPG key. It seemed to be working fine with the tests I made to my
other email address, however, I noticed an email I sent to this list was
unreadable from the archive [0]. Therefore, I assume something is wrong
with my setup since, from my understanding, nothing special is required
from the receiver's side to read signed (and not encrypted) messages.

Does anyone else on this list use Thunderbird with OpenPGP signatures
that could help me figure out why this is happening? The configuration
on Thunderbird is rather straight forward some I'm not sure what I
could've done wrong.

Do receivers have to accept/add my signature (which attaches itself to
my emails by default) before they can view my messages?

Strangely, the Gentoo User list archive has a small button at the button
"Find on MARC"; when I click this, my email is readable just fine [1].
This would indicate that perhaps the Gentoo archive isn't configured to
handle signatures, however I am not the only one on this list who signs
their emails, and other signed emails are readable just find on the
Gentoo archive.

Thanks,
Julien

[0]
https://archives.gentoo.org/gentoo-user/message/1664f7907141dd782fc7f469baf7de83
[1] https://marc.info/?l=gentoo-user&m=165525962832464

On Friday, 17 June 2022 02:38:38 BST Julien Roy wrote:
> Hello list,
>
> I recently configured Thunderbird to digitally sign my emails using my
> GnuPG key. It seemed to be working fine with the tests I made to my
> other email address, however, I noticed an email I sent to this list was
> unreadable from the archive [0]. Therefore, I assume something is wrong
> with my setup since, from my understanding, nothing special is required
> from the receiver's side to read signed (and not encrypted) messages.

I have been able to read your emails and signature, with Kmail, but the
archive would use a different parser which it seems does not like the format of
your signed message.

> Does anyone else on this list use Thunderbird with OpenPGP signatures
> that could help me figure out why this is happening? The configuration
> on Thunderbird is rather straight forward some I'm not sure what I
> could've done wrong.

I don't have a signed message of yours available to examine its structure.
You can check your Thunderbird's OpenPGP format to determine if the 'Content-
Type' in the headers of the message is binary, or ASCII and if the signature
is attached or embedded. I'm guessing the archive may have problems with
binary. An attached ASCII signature works here.

> Do receivers have to accept/add my signature (which attaches itself to
> my emails by default) before they can view my messages?

No, the receiving mail client application should deal with signature
verification automatically and warn the receiver if the signature signing
party's key is not trusted. The receiver would not normally manually alter
the trust status of a sender's public key, unless the identity of the sender
and his corresponding key fingerprint can be verified off-line.

> Strangely, the Gentoo User list archive has a small button at the button
> "Find on MARC"; when I click this, my email is readable just fine [1].
> This would indicate that perhaps the Gentoo archive isn't configured to
> handle signatures, however I am not the only one on this list who signs
> their emails, and other signed emails are readable just find on the
> Gentoo archive.
>
> Thanks,
> Julien
>
>
> [0]
> https://archives.gentoo.org/gentoo-user/message/1664f7907141dd782fc7f469baf7
> de83 [1] https://marc.info/?l=gentoo-user&m=165525962832464

I expect different mailing list managers use different parsing code and the
archive discriminates against the format of the signed messages your T'bird is
posting.

If you prefer you can send me a message off list and I can check its structure
at the receiving end.

Mailing List Archive

Mailing List Archive

Attached Files: