[fwd] Re: PGP/MIME implementors: text mode vs. binary mode? (from: hal@finney.org)
Thomas Roessler
roessler at does-not-exist.org
Wed Feb 14 23:22:07 CET 2001
On 2001-02-14 15:35:30 -0600, JP Sugarbroad wrote:
>> I can't help thinking that the distinction between text and
>> binary mode is not that useful in solving this problem. Let's
>> not get hung up on the specification incompatibility between
>> PGP 2.X and OpenPGP.
> Bah. PGP/MIME is a broken standard anyway. Signing post-CTE data is
> simply ASKING for problems.
Not at all.
More precisely, PGP/MIME helps to address several ugly problems you
normally have with detached signatures:
- PGP/MIME includes MIME headers with the signature, thereby
indicating how the signed data should be interpreted. This can be
crucial - remember all these nice "is valid in N+1 formats" files?
(For instance, you could do interesting things with XPMs.)
- By signing post-CTE, you have something signed which has been
translated to some well-defined format before. Now, just look
what happens when you mix character set conversions with cleartext
signatures...
- PGP/MIME signed messages can be read by MIME-aware, but
PGP-unaware clients, with the same results as far as the signed
data are concerned. I have yet to see any other signature scheme
which has this property.
Most likely, I'm missing other benefits right now.
--
Thomas Roessler <roessler at does-not-exist.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 475 bytes
Desc: not available
Url : /pipermail/attachments/20010214/f8241612/attachment.bin
More information about the Gnupg-devel
mailing list