EICS proposal

Adrian 'Dagurashibanipal' von Bidder avbidder@fortytwo.ch
Tue Feb 4 10:23:01 2003

Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Mon, 2003-02-03 at 22:14, Anthony E. Greene wrote:
> Adrian 'Dagurashibanipal' von Bidder <avbidder@fortytwo.ch> wrote:
> >I've been thinking along the same lines, and I would solve it like this:
> >
> >Use PGP/MIME, and repeat email headers in the signed part of the
> >message.
> In your example, the OpenPGP MIME message part headers are outside the
> signed data. If you want to do this, you should add a MIME message part
> that includes the appropriate email headers as signed and/or encrypted
> data.

Hmm. My reading of the rfc is that everything after the MIME boundary of
the first part of a multipart/signed message is protected by the
signature, which would make my example like this:

<<<<<<< first line of signed data
    Content-Type: text/plain
    Content-Transfer-Encoding: 7bit
    Protected-Headers: To, From, Subject
    P-To: lover@example.com
    P-From: Alice Nice <alice@example.com>
    P-Subject: I love you
    I really do.

>>>>>>> last line of signed data   =20

   The multipart/signed content type contains exactly two body parts.
   The first body part is the body part over which the digital signature
   was created, including its MIME headers.

Or did I misunderstand what you said?

-- vbi

get my gpg key here: http://fortytwo.ch/gpg/92082481

Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

Version: GnuPG v1.2.1 (GNU/Linux)
Comment: get my key from http://fortytwo.ch/gpg/92082481

Signature policy: http://fortytwo.ch/legal/gpg/email.20020822?version=1.3&md5sum=14ca616f14682a82cb9cc25c9b34a10d