[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PGP-MIME

To: Brad Huntting <[email protected]>
Subject: Re: PGP-MIME
From: Derek Atkins <[email protected]>
Date: Sat, 28 Aug 93 23:17:21 EDT
Cc: [email protected]
In-Reply-To: Your message of Sun, 29 Aug 93 16:50:06 -0600. <[email protected]>

> For PGP to really make use of MIME, it could use "multipart" types
> to separate the objects being encrypted and/or signed from the
> signatures and encrypted session keys associated with them.

No, this is WRONG.  Take a look at the PEM-MIME Internet Draft.  You
*do not* want to separate the signature from the body of text being
signed, since then you lose the delimiters of the signed message, and
MIME can do anything with the data (like transfer tabs to spaces,
etc.)  This is BAD.

If you keep the message and signature together, it will work better.
MIME still does funky things, however, some times.

Currently, you can easily use MIME as a transport mechanism for PGP
messages.  However currently there is no way to use PGP security for a
MIME message.  Hopefully we can take what the PEM-MIME effort has
learned and apply that to PGP..

-derek

Follow-Ups:
- Re: PGP-MIME
  - From: Brad Huntting <[email protected]>

References:
- PGP-MIME
  - From: Brad Huntting <[email protected]>

Prev by Date: Total RSA in PGP
Next by Date: Re: Total RSA in PGP
Prev by thread: Re: PGP-MIME
Next by thread: Re: PGP-MIME
Index(es):
- Date
- Thread