signing emails

Adrian 'Dagurashibanipal' von Bidder
Thu Dec 19 10:14:02 2002

Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Thu, 2002-12-19 at 08:33, Todd wrote:
> Hash: SHA1
> David Shaw wrote:
> > PGP/MIME is *an* official standard (well, standards track anyway).
> > Inline messages are also standards track.  Neither one is any more
> > official than the other.
> Really?  Can you send a pointer to the RFC describing inline messages?  I=
> tried locating the right RFC but haven't been able to do so.  Though I di=
> find this interesting quote (from the archives of gnupg-devel):

RFC2440 - the rfc describing OpenPGP itself. Inline signed messages are
not special email messages in any way, they are just normal emails which
happen to have an rfc2440 ASCII armored clearsigned text as content.

This is also the reason that there may be problems with e-mail software:
the mail body is not special, so the MUA may want to do charset
conversions (or other things) with it, breaking the signature. (Even the
MTAs may do such things, sometimes even legally (RFC-wise), but I don't
think those are a big problem today).

>   Thomas Roessler
>   Fri, 1 Sep 2000 11:38:18 +0200
>   On 2000-08-31 17:57:33 -0500, Taral wrote:
>   > I don't think application/pgp is standard.
>   It isn't.  There may be some ancient internet-drafts describing it,
>   but it never made it to RFC level (which is a good thing).  Bad
>   enough, it's still commonly used, with all the problems it brings.
>   For guidance on how to implement it, please look at elm-me+ or mutt.

Not familiar with history, but iirc there was a application/pgp in the
days before rfc2015 PGP/MIME.

-- cheers

featured link:

Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

Version: GnuPG v1.2.1 (GNU/Linux)