[Enigmail] Solved: PGP indicates enigmail signed messages are invalid

[Moonchild]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John W. Moore III wrote:
> Actually, the presence of broken/Bad signatures tends to indicate that
> You have "run into" some correspondents using RFC compliant software.
> The unverifiable signatures are most probably from GnuPG Users who
> haven't restricted GPG with the --pgp6 limiter.  Because of the pains

Actually, I only ran into it because the first thing I did was send
myself a signed message from TB with enigmail to test, and it failed
checking the signature. I haven't run into any issues with anyone else
so far, like I said.

As for problems with hashes having collisions etc. - Theoretically, it
is an issue. In practice, ANY hash will find situations where the same
hash is found for different sources, the question then becomes: is it a
practical issue to assume this minutely small chance will pose a problem
with normal use? Is there really a danger of someone, in a reasonable
amount of computing time, being able to recreate a valid has from an
altered message? I think it's unneeded.

As it is, I'll verify RFC4880 compliance with my peers before migrating
to it by removing the --pgp6 switch again.

I have tested the --pgp6 parameter and it solved the signing issue. So
it was definitely just a clear issue of the new RFC signatures not being
processed correctly by the old PGP.

As for legality: The PGP I use is an official build as supplied by PGP
at the time. It is not a command-line version, and purchased&licensed as
part of the mail/news suite. It had better not be illegal to use ;-)
Like I said in my original post: the client software hasn't been
developed for quite a while and it needs replacing.

Thanks for the help, folks.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iD8DBQFJ4xik2TLZrDX4ZcYRAo8DAJ9sAIaViqp46LTuUJv8eWomTzQLXQCgiHId
C7Bru+QPlGdLW52hogbkTmw=
=Nj3O
-----END PGP SIGNATURE-----