[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PGP-MIME
> For PGP to really make use of MIME, it could use "multipart" types
> to separate the objects being encrypted and/or signed from the
> signatures and encrypted session keys associated with them.
No, this is WRONG. Take a look at the PEM-MIME Internet Draft. You
*do not* want to separate the signature from the body of text being
signed, since then you lose the delimiters of the signed message, and
MIME can do anything with the data (like transfer tabs to spaces,
etc.) This is BAD.
If you keep the message and signature together, it will work better.
MIME still does funky things, however, some times.
Currently, you can easily use MIME as a transport mechanism for PGP
messages. However currently there is no way to use PGP security for a
MIME message. Hopefully we can take what the PEM-MIME effort has
learned and apply that to PGP..
-derek