Wed Dec 11 18:39:02 2002
On Wed, 11 Dec 2002 16:20:14 +0000, Graham said:
> On Wednesday 11 Dec 2002 3:20 pm, Anthony E. Greene wrote:
>> PGP/MIME is the official standard.
> Who says? Where is this specifically stated?
7. Cleartext signature framework
It is desirable to sign a textual octet stream without ASCII armoring
the stream itself, so the signed text is still readable without
special software. In order to bind a signature to such a cleartext,
this framework is used. (Note that RFC 2015 defines another way to
clear sign messages for environments that support MIME.)
rfc3156 (successor of 2015):
Work on integrating PGP (Pretty Good Privacy) with MIME 
(including the since withdrawn "application/pgp" content type) prior
to RFC 2015 suffered from a number of problems, the most significant
of which is the inability to recover signed message bodies without
parsing data structures specific to PGP. RFC 2015 makes use of the
elegant solution proposed in RFC 1847, which defines security
multipart formats for MIME. The security multiparts clearly separate
the signed message body from the signature, and have a number of
other desirable properties. This document revises RFC 2015 to adopt
the integration of PGP and MIME to the needs which emerged during the
work on the OpenPGP specification.
Both are on the standards track and in PROPOSED STANADARD status. As
soon as you use non-asciii characters, you want to use PGP/MIME
because it allows in a clean way to define the used character set.
(MIME, rfc2045 is already in the DRAFT STANDARD status). Firthermore,
signing a message with attachment in a clean way is also only possible