Mime Type for Encrypted Attachments

Ingo Klöcker ingo.kloecker@epost.de
Fri May 23 01:53:02 2003


--Boundary-02=_sWVz+XOi9SHKfMh
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline

On Thursday 22 May 2003 11:33, Werner Koch wrote:
> On Wed, 21 May 2003 22:03:22 +0200, Ingo Kl=F6cker said:
> >> application/pgp-encrypted
> >> application/pgp-signature
> >> application/pgp-keys
> >
> > Definitely not. Those content types are used for completely
> > different things.
>
> I don't see a problem using pgp-encrypted or pgp-keys as the top MIME
> type.  The processing is not different to the RFC3156 case where they
> are encpasulated in multipart/encrypted.  pgp-signature should only
> be used for a detached signature though.

Are you not confusing something? The encrypted and armored message is=20
not in the application/pgp-encrypted but in the=20
application/octet-stream message part. Typical message (the same as in=20
my first reply):

=3D=3D=3D=3D=3D
=2D-Boundary-02=3D_0guk++/xisah7Wk
Content-Type: application/pgp-encrypted
Content-Description: version code
Content-Disposition: attachment

Version: 1

=2D-Boundary-02=3D_0guk++/xisah7Wk
Content-Type: application/octet-stream
Content-Description: encrypted data
Content-Disposition: inline; filename=3D"msg.asc"

=2D----BEGIN PGP MESSAGE-----
Version: GnuPG v1.2.1 (GNU/Linux)

hQIOAzDP3ccyMZU4EAf/Q3tO7Iziro8/NUs+7Lqk76poiPY8fza5AOdL7kB4fkWJ
=2E..
=3D=3D=3D=3D=3D

And using pgp-keys is IMO also wrong because this will confuse MUAs=20
which provide an Import Key functionality for pgp-keys attachments and=20
it will confuse users who receive an attachment which claims to be an=20
armored OpenPGP key but is in fact an encrypted file. Only viruses lie=20
about the content-type.

The correct content-type is application/octet-stream with=20
Content-Description: encrypted data. But that's what I already wrote in=20
my first reply.

Regards,
Ingo


--Boundary-02=_sWVz+XOi9SHKfMh
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA+zVWsGnR+RTDgudgRAgOMAJ0VM8fiwN6dlMht0sr26HVjHOvJ7QCeI0NR
s4khGfEC9L77g+zWpAhjwpE=
=QtG/
-----END PGP SIGNATURE-----

--Boundary-02=_sWVz+XOi9SHKfMh--