[fwd] Re: PGP/MIME implementors: text mode vs. binary mode? (from: hal@finney.org)

JP Sugarbroad taral at taral.net
Thu Feb 15 01:59:01 CET 2001

On Wed, Feb 14, 2001 at 11:18:27PM +0100, Thomas Roessler wrote:
> More precisely, PGP/MIME helps to address several ugly problems you
> normally have with detached signatures:
> - PGP/MIME includes MIME headers with the signature, thereby
>   indicating how the signed data should be interpreted.  This can be
>   crucial - remember all these nice "is valid in N+1 formats" files?
>   (For instance, you could do interesting things with XPMs.)

That's the point. It's a TRANSFER encoding. It is 100% valid to change
it on the fly if necessary. If PGP/MIME signatures were pre-CTE, said
change would not invalidate the signature.

> - By signing post-CTE, you have something signed which has been
>   translated to some well-defined format before.  Now, just look
>   what happens when you mix character set conversions with cleartext
>   signatures...

Character set conversion is in the CT (Content-Type) stage, not the CTE
stage. CT should obviously occur before signature.

> - PGP/MIME signed messages can be read by MIME-aware, but
>   PGP-unaware clients, with the same results as far as the signed
>   data are concerned.  I have yet to see any other signature scheme
>   which has this property.

So could a standard which was identical to PGP/MIME except that the
signature is calculated on pre-CTE data.

Taral <taral at taral.net>
Please use PGP/GPG to send me mail.
"Never ascribe to malice what can as easily be put down to stupidity."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 248 bytes
Desc: not available
Url : /pipermail/attachments/20010215/e62ff3aa/attachment.bin

More information about the Gnupg-devel mailing list