[kmail2] [Bug 439958] X-Face can break cryptographic signatures

David C. Bryant bugzilla_noreply at kde.org
Mon Sep 27 14:13:52 BST 2021


--- Comment #14 from David C. Bryant <davidbryant at gvtc.com> ---
(In reply to Sandro KnauƟ from comment #13)
> I can confirm it [snip ...]
> @David: can you check, if you get proper signatures, if you disable the
> picture (X-Face)? (Picture tab of the Identity).

Yes, Sandro, signatures work fine with X-Face disabled. See the screenshot I'm
adding as an attachment to this bug report today. I am using the same picture
as was in the X-Face header as my gravatar (see discussion below). So the
message appears the same (to me) both with and without embedded X-Face headers
(except that X-Face breaks the crypto signature). 

A friend referred me to this web page:
and raised the question "should the X-Face header be a protected header?" I'm
not real sure of the answer. Personally, I don't care if somebody views the
wrong picture in a signed message I send. Integrity of the text message is all
I really care about. Others might feel differently, though.

One other thing. The field used to display the "X-Face" picture is also used to
display "gravatars" kept on file in KAddressbook. So people can (in effect)
attach pictures to their messages without using "X-Face" (with the recipient's
assistance). One can even configure KMail itself to search for gravatars on the
internet (Configure KMail --> Plugins --> Gravatar Config). So "X-Face" is
becoming redundant. Just a thought.

You are receiving this mail because:
You are the assignee for the bug.

More information about the Kdepim-bugs mailing list