EICS proposal

Adrian 'Dagurashibanipal' von Bidder avbidder@fortytwo.ch
Tue Feb 4 10:23:01 2003


--=-kcKwaMqy2N4WuNe+cweH
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Mon, 2003-02-03 at 22:14, Anthony E. Greene wrote:
> Adrian 'Dagurashibanipal' von Bidder <avbidder@fortytwo.ch> wrote:
> >I've been thinking along the same lines, and I would solve it like this:
> >
> >Use PGP/MIME, and repeat email headers in the signed part of the
> >message.
>=20
> In your example, the OpenPGP MIME message part headers are outside the
> signed data. If you want to do this, you should add a MIME message part
> that includes the appropriate email headers as signed and/or encrypted
> data.

Hmm. My reading of the rfc is that everything after the MIME boundary of
the first part of a multipart/signed message is protected by the
signature, which would make my example like this:

<<<<<<< first line of signed data
    Content-Type: text/plain
    Content-Transfer-Encoding: 7bit
    Protected-Headers: To, From, Subject
    P-To: lover@example.com
    P-From: Alice Nice <alice@example.com>
    P-Subject: I love you
   =20
    I really do.

>>>>>>> last line of signed data   =20

(rfc1847:
   The multipart/signed content type contains exactly two body parts.
   The first body part is the body part over which the digital signature
   was created, including its MIME headers.
)

Or did I misunderstand what you said?

cheers
-- vbi

--=20
get my gpg key here: http://fortytwo.ch/gpg/92082481

--=-kcKwaMqy2N4WuNe+cweH
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: get my key from http://fortytwo.ch/gpg/92082481

iKcEABECAGcFAj4/htBgGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h
aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjMmbWQ1c3VtPTE0Y2E2MTZmMTQ2ODJhODJj
YjljYzI1YzliMzRhMTBkAAoJEIukMYvlp/fW3IMAoKoCv9ZmF7UiHQODYq2RcVhD
Hbr9AKDjWduLo4Gir7iXyIACUKfDgGnQww==
=9vLa
-----END PGP SIGNATURE-----
Signature policy: http://fortytwo.ch/legal/gpg/email.20020822?version=1.3&md5sum=14ca616f14682a82cb9cc25c9b34a10d

--=-kcKwaMqy2N4WuNe+cweH--