MIME or inline signature ?

Robert J. Hansen rjh at sixdemonbag.org
Fri Feb 13 20:41:14 CET 2015


> Be liberal in what you accept, and conservative in what you send:
> https://en.wikipedia.org/wiki/Robustness_principle

It's worth noting that Postel (the guy who first formulated it) was very
dissatisfied with how people tended to interpret Postel's Law.  Per him,
he felt most people who quoted Postel's Law were confused on the
difference between 'liberal' and 'foolish', and tried to justify foolish
engineering decisions on the basis of a liberal acceptance policy.

Postel's sentiments were more, "Reject traffic that does not conform to
the spec, even if it's in common use; accept traffic that conforms to
the protocol spec, even if it's exotic; and only generate traffic that
conforms to both spec and common use."  Unfortunately, that loses much
of the poetry of the original phrasing.

This has long been one of my complaints about the way GnuPG gets used.
GnuPG will accept and generate some pretty darn exotic traffic ("let's
use SHA-224 with ECDSA and Camellia-256!"), which is good: that's
exactly what you want in a toolkit.  But just because we can do things
like this doesn't mean we actually should...




More information about the Gnupg-users mailing list