Can't check pgp-6.5.8 signatura

Owen Blacker owen@flirble.org
Thu Oct 18 20:41:01 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

mike ledoux wrote (2001-10-18 T 10:16 -0400):

>
> >It specifies a way to "sign textual octet stream with ASCII armoring".
> >Which is clearly applicable to e-mail environments. It doesn't tell me
> >what MIME content type I should use.
>
> For that type of message, I'd use text/plain, just as if I were
> sending (for example) a uuencoded file. This way, people that don't
> care about the signature don't have to jump through any hoops to
> read the message itself.
multipart/signed also fulfils that aim, to be fair...
> >Actually looking a bit further, section 2.4 says "An application that
> >implements OpenPGP for messaging SHOULD implement OpenPGP-MIME."
>
> I missed that, thanks. Unfortunately, this blows a big hole in my
> argument with a local Mutt user.
Not necessarily. As so few other MUAs can use it, I don't think mutt should do so be default. I have no intention of ever using mutt, I dislike it. I would consider patching pine, were a patch available (istr someone having mentioned there might be one, so finding out either way and so on is on my list of things to do... :)
> >> PGP/MIME is a big mistake. If you send me a signed message in
> >> PGP/MIME format, it is nearly impossible for me to verify the
> >> signature, as my mailer (Pine) does not support this very new message
> >> format.
> >
> >I don't think you can call it a 'very new message format'. It has,
> >after all, been around for five years now. RFC 2015 is dated October
> >1996.
>
> RFC822 is dated August, 1982. It obsoleted RFC733, which was dated
> November, 1977. My first use of PGP was in March, 1992, and I know
> that I wasn't one of the first people to use it. In that scope, RFC2015
> (October, 1996) and its successor RFC3156 (August 2001), are 'very new'.
It's new for the simple reason that it is not yet widely supported.
> My major problem with PGP/MIME is that it does not gracefully degrade.
> 'Old-Style' ASCII Armor signatures do. Especially on a public mailing
> list, this is important.
And this is why I think it is not a very good standard. At least it's better than the, frankly, idiotic pre RFC 2015 application/pgp MIME type. The logic behind RFC 2015 and RFC 3156 is sound, given the requirements specified in RFC 1847, it's just very unfortunate that pine (and every other mailer I've ever used) doesn't handle it at all. I should get around to kludging something in procmail or something... *GRIN* Hmm, a quick Google <http://www.google.com/search?q=procmail+openpgp+pine> has given me a few articles and ideas, so I may be prepared to revoke that opinion of mine... :) Until later, O x - -- Owen Blacker | Senior Software Developer and InfoSecurity Consultant See http://www.owens-place.org.uk/pgp.html -- more about my PGP keys Sig 0xb48e805e | 0e31 ac2a 4ff2 62a0 89da ddef 4223 99a6 b48e 805e - -- They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety --Benjamin Franklin, 1759 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7zyHeQiOZprSOgF4RAlFTAJ9yhPdPvEThs2+qCt0x09P0lMk1ggCfQO/w MPoaDlDNm0Mhcai/8d6GQVE= =VG7Y -----END PGP SIGNATURE-----