[fwd] Re: PGP/MIME implementors: text mode vs. binary mode? (from: hal@finney.org)

Thomas Roessler roessler@does-not-exist.org
Wed Feb 14 23:22:07 2001 

--6sX45UoQRIJXqkqR
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 2001-02-14 15:35:30 -0600, JP Sugarbroad wrote:

>> I can't help thinking that the distinction between text and
>> binary mode is not that useful in solving this problem.  Let's
>> not get hung up on the specification incompatibility between
>> PGP 2.X and OpenPGP.

> Bah. PGP/MIME is a broken standard anyway. Signing post-CTE data is
> simply ASKING for problems.

Not at all.

More precisely, PGP/MIME helps to address several ugly problems you
normally have with detached signatures:

- PGP/MIME includes MIME headers with the signature, thereby
  indicating how the signed data should be interpreted.  This can be
  crucial - remember all these nice "is valid in N+1 formats" files?
  (For instance, you could do interesting things with XPMs.)

- By signing post-CTE, you have something signed which has been
  translated to some well-defined format before.  Now, just look
  what happens when you mix character set conversions with cleartext
  signatures...

- PGP/MIME signed messages can be read by MIME-aware, but
  PGP-unaware clients, with the same results as far as the signed
  data are concerned.  I have yet to see any other signature scheme
  which has this property.
 =20
Most likely, I'm missing other benefits right now.

--=20
Thomas Roessler			    <roessler@does-not-exist.org>

--6sX45UoQRIJXqkqR
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3in

iQEVAwUBOosEM9ImKUTOasbBAQHpRwf5AQLL1KziI1C1gYpYOYwab8c/L5smxGZO
M/cDRJCvt1+55ZTc0zVJz7AmwcMXS6mGeaCWLa/rrbWz7aMwfKQll3ZzmP3L/bIX
LDB2U9x7iA5jc8XuHPRhVXfjdktKqPVFVJEScG3sCmH08dGwo+P51TAaQj9Uv2tf
b6DUXDtLQ7RksEDaLjeZp2rOwitMBrpLPk0rN36ZcZbWL7M9m2MepIwmExaKzz/D
aJQkJOdLNS7foGvw4cVqem/sNWxtXOZREMEfkNUzb/KVZ0u7ynKYXaCKgDGORs70
SwY24S5Tp1b6WB2MsGqF5amr5EhRq/ZrkIDXz1Km6vXY1mzDCrRvEA==
=VvoC
-----END PGP SIGNATURE-----

--6sX45UoQRIJXqkqR--