Details
-
Bug
-
Resolution: Answered
-
Low
-
None
-
3.0.1
-
We're running Confluence under Tomcat, on RHEL 5.4 (x86_64), java version "1.6.0_13".
Description
Rather than rendering email in a <pre>...</pre> block, Confluence "html-ifies" plain-text email messages. If a message contains an inline PGP signature, this corrupts the message so that the signature can no longer be verified. Ideally, it should be possible to do something like:
curl http://confluence.example.com/display/SPACENAME/mail/xxxxxx | gpg --verify
Or for a plugin like FireGPG to verify inline signatures. Because of the modifications Confluence makes to email this is not possible.
This has become an issue locally because we are using the mail archive feature to archive PGP signed messages, and we are presenting them to a tech- and security-savvy user community.