PGP/MIME Outlook 2003/2007 + IMAP Leakage?

Two issues I thought I should report.

If someone using Thunderbird 1.5.x sends an email to either an outlook 2003 or 2007 client using PGP/MIME two behaviors occur.

PGP/MIME Signed: An .asc attachment arrives and it is impossible to use the decrypt/verify button on the message with success. Outlook says the message is an unviewable attachment, though gpg4win reports good signature.

PGP/MIME Encrypted: These are decrypted/verifed normally.

Strange IMAP Behavior: When I decrypted a PGP/MIME encrypted message and closed it, Outlook displayed a duplicate message in my IMAP inbox with the status of deleted. I can’t tell if Outlook saves the decrypted version back to the IMAP mailbox and then saves the encrypted version after you close the message then marks the encrypted message deleted. I’m not really equipped to thoroughly test this so I hope someone could verify if an unencrypted copy is saved to the IMAP mailbox at any time.

I managed to capture the message if a PGP/MIME signed message arrives. The plaintext message is readable with a signature.asc file attached. If you click the decrypt/verify icon no signature verification is done and the body of the message says:

[PGP/MIME signed message without a plain text body]

Is this expected behavior?

IIRC, a the verify process should attach an “info” file called sig-attestation which contains the information about the verifcation (the signature state).

Actually there is no new attachment. Is this a bug that I should submit to Microsoft? I’ve actually got their ear on some IMAP issues so if there’s anything broken with the way the client handles PGP/MIME now would be the time to tell them.