Disclaimer within signed body?
-----BEGIN PGP SIGNED MESSAGE----- It's been suggested that I put my "signature disclaimer" within the signed block. There are several pluses and minuses to this, and I wanted to see what others think (As an aside, by the way, I think the aesthetics of the output are important). As Eric pointed out to me last night, in general it's bad to modify the body of a message. I think that what I've been doing is fine, as the clear distinction betweem original message and additional stuff is maintained. However: the disclaimer should really be bound to the signature. Using the "comment" block won't do this, since PGP does not use it as part of the signature. Additionally, people whose software runs the messages through PGP will never see the disclaimer if it's outside of the signed block. What are folks' opinions on this? My options are: - Do nothing. Memory and the general appearance of the disclaimer are enough that people won't be fooled by a message with a removed disclaimer. - Put the disclaimer within the signature block. In essence, doing nothing as above, but that's what the comment block is there for and it might look nicer. - Put the disclaimer at the top of the signed body. Ugly, since it immediately forces its presence in a message, but effective for the same reason. - Put the disclaimer at the bottom of the signed body. It's still modifying the signed body, but in a much less obtrusive manner. Input? - -- Todd Masco | "Roam home to a dome, Where Georgian and Gothic once stood cactus@hks.net | Now chemical bonds alone guard our blond(e)s, cactus@bb.com | And even the plumbing looks good." - B Fuller -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQBFAwUBLt+AfCoZzwIn1bdtAQF0uQF/R2+Wc4tKXs0/+Qc79ln01EUOT8seW4wC tKLa8H8CGAI33Exh/FeMvtYjnUEdPcXL =5852 -----END PGP SIGNATURE----- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address belonging to the signature and forwarded.]
Todd's autosigner raises some good issues about what signatures can actually represent. Todd's service takes an incoming message, attaches a note about technical means and also a signature. As Todd points out, this signature represents the fact that a message destined for the cypherpunks list passed through his server. But Todd also wants the signature to attest to the disclaimer attached to the mail. The signature, therefore must be affected by both segments of text, that is, the disclaimer must be inside the signature. There is also, however a desideratum that the original message be preserved to the greatest degree possible. Since two text segments must go inside the sig block, there must be a packaging syntax to represent a two part message composed of the original message and the disclaimer. There is already a syntax which accomplishes this for email--MIME. I'm not going to get the syntax of this example right. ----------------------------------------------------------------------------- --- Begin signed message --- :: Content-Type: multipart/mixed Content-Length: [...] Boundary: === Content-Type: text/ascii === <original message> === Content-Type: text/ascii disclaimer === <disclaimer> === --- Begin signature --- a;sdfj;alsdjf;a lsjas;ldkfj;asjdf;askjdf;laskjdfdf a;sdfj;asdjf;asfj;alsjdf;aljdf;alsdjf;alsjdf;asjdf --- End signed message --- ----------------------------------------------------------------------------- Now as far as aesthetics, this has got a lot of screenjunk in it. It does, however, represent exactly what is going on in a way that the right kind of MIME capable reader can make exact use of. I'm not advocating this. I do think, though, that a minimal solution to all the criteria at once looks a lot like this. Eric
participants (2)
-
cactus@hks.net -
eric@remailer.net