[kmail2] [Bug 439958] X-Face can break cryptographic signatures
David C. Bryant
bugzilla_noreply at kde.org
Mon Sep 27 14:13:52 BST 2021
--- Comment #14 from David C. Bryant <davidbryant at gvtc.com> ---
(In reply to Sandro Knauß from comment #13)
> I can confirm it [snip ...]
> @David: can you check, if you get proper signatures, if you disable the
> picture (X-Face)? (Picture tab of the Identity).
Yes, Sandro, signatures work fine with X-Face disabled. See the screenshot I'm
adding as an attachment to this bug report today. I am using the same picture
as was in the X-Face header as my gravatar (see discussion below). So the
message appears the same (to me) both with and without embedded X-Face headers
(except that X-Face breaks the crypto signature).
A friend referred me to this web page:
and raised the question "should the X-Face header be a protected header?" I'm
not real sure of the answer. Personally, I don't care if somebody views the
wrong picture in a signed message I send. Integrity of the text message is all
I really care about. Others might feel differently, though.
One other thing. The field used to display the "X-Face" picture is also used to
display "gravatars" kept on file in KAddressbook. So people can (in effect)
attach pictures to their messages without using "X-Face" (with the recipient's
assistance). One can even configure KMail itself to search for gravatars on the
internet (Configure KMail --> Plugins --> Gravatar Config). So "X-Face" is
becoming redundant. Just a thought.
You are receiving this mail because:
You are the assignee for the bug.
More information about the Kdepim-bugs