Comment 7 for bug 211830

actually, it's probably not the signature that is wrong, but the way we verify it. I suspect we have to decode/normalize something before trying to verify the signature. The signature verifies ok in mutt (which uses gpg to verify it). This is a separate bug than the original one.