Re: OpenPGP/MIME changes
Thomas Roessler <roessler@does-not-exist.org> Sat, 05 August 2006 22:42 UTC
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G9UqL-0000by-Tm for openpgp-archive@lists.ietf.org; Sat, 05 Aug 2006 18:42:05 -0400
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G9UqK-0008H8-EZ for openpgp-archive@lists.ietf.org; Sat, 05 Aug 2006 18:42:05 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k75MKEKH073134; Sat, 5 Aug 2006 15:20:14 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k75MKE2T073127; Sat, 5 Aug 2006 15:20:14 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from kamino.does-not-exist.org (kamino.does-not-exist.org [217.160.221.198]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k75MKCQv073120 for <ietf-openpgp@imc.org>; Sat, 5 Aug 2006 15:20:13 -0700 (MST) (envelope-from roessler@does-not-exist.org)
Received: from lavazza.does-not-exist.org (ip-83-99-58-85.dyn.luxdsl.pt.lu [83.99.58.85]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (No client certificate requested) by kamino.does-not-exist.org (Postfix) with ESMTP id C5FCF1936CB; Sun, 6 Aug 2006 00:20:09 +0200 (CEST)
Received: from roessler by lavazza.does-not-exist.org with local (Exim 4.62) (envelope-from <roessler@does-not-exist.org>) id 1G9UV6-0005eh-EW; Sun, 06 Aug 2006 00:20:08 +0200
Date: Sun, 06 Aug 2006 00:20:08 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: "Brian G. Peterson" <brian@braverock.com>
Cc: OpenPGP <ietf-openpgp@imc.org>, Jon Callas <jon@callas.org>
Subject: Re: OpenPGP/MIME changes
Message-ID: <20060805222008.GA21728@lavazza.does-not-exist.org>
Mail-Followup-To: "Brian G. Peterson" <brian@braverock.com>, OpenPGP <ietf-openpgp@imc.org>, Jon Callas <jon@callas.org>
References: <20060714174935.5A2F1DA820@mailserver8.hushmail.com> <CCFC4799-4C83-44D5-8FC2-1F010EC75D1C@callas.org> <20060719210824.GM13108@lavazza.does-not-exist.org> <200607191802.17107.brian@braverock.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
In-Reply-To: <200607191802.17107.brian@braverock.com>
User-Agent: Mutt/1.5.12 (2006-08-05)
X-MIME-Autoconverted: from quoted-printable to 8bit by balder-227.proper.com id k75MKDQv073122
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by balder-227.proper.com id k75MKEKH073134
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 73734d43604d52d23b3eba644a169745
On 2006-07-19 18:02:16 -0500, Brian G. Peterson wrote: > On Wednesday 19 July 2006 16:08, Thomas Roessler wrote: >> So, the current OpenPGP/MIME spec is already relatively >> strict and actually takes away some of the degrees of >> freedom that the original PGP/MIME left open. Would you >> care to elaborate a bit more about what points you'd like >> to clean up? > Look back a ways in the archives to the various tabled > discussions on OpenPGP/MIME and the other variants > (inline/partitioned) for email. I remember significant > issues being discussed around offline signature > verification on binary attachments, signatures on signatures > (chain of evidence), and interoperability issues on the > layout of MIME parts. So, summarizing from a round of reading through the archives: - A requirement was given that certain attachments would have to be verified individually. This can be achieved by packaging an individual attachment into a multipart/signed and having a signature for just that attachment. Of course, there's nothing that would keep the sender from wrapping the entire message into another level of multipart/signed. (Incidentally, I don't understand the use case that motivates this requirement. I'd like to hear more about it.) I'm not aware of any OpenPGP/MIME implementation that would do this on the sending end, but this is not a shortcoming of the format. Please also note that the "individual" signatures aren't necessarily the better ones in all contexts: For instance, I rather wouldn't have separate signatures on the parts that together make up a multipart/alternative or multipart/related. - I haven't seen any recent interoperability issues on the layout of MIME parts, unless this is supposed to allude to Outlook's general inability to deal with just about anything MIME. This does not strike me as something that OpenPGP/MIME should be kludging around. - Signatures on signatures are easily done, by wrapping one multipart/signed into another one. In the bad old PGP tradition of not attributing semantics to anything, this should be all that's needed. - I've skimmed through the documentation of what's now called "partitioned" mode; frankly, using well-known attachment file names to signal the relationship between the different body parts that form a multipart makes me cringe, as does having fixed file names for the signature of "the RTF attachment". This is wrong on an unhealthy number of levels. Also, please note that the partitioned format seems not to sign the content-type of the signed material, thereby subjecting it to attacks based on having material that admits multiple interpretations. (Think postscript source code vs. rendered postscript -- I'd send the former as text/plain, and the latter as application/postscript.) Right now, I don't see any particular motivation for changing the existing OpenPGP/MIME RFC. I do see use cases for possibly using the existing spec in a different way in some cases. One thing that I'm wondering about for the packet-based PGP format (though it's probably too late for this) is whether signatures should include an indication of the intended media type of the signed material. One could do this by either extending the literal packet, or by specifying a content-type notation packet. Considering the interoperability impact of the two approaches, the notation packet is probably the right way to go. Regards, -- Thomas Roessler ยท Personal soap box at <http://log.does-not-exist.org/>.
- OpenPGP Minutes / Quick Summary Derek Atkins
- Re: OpenPGP Minutes / Quick Summary Ian G
- Re: OpenPGP Minutes / Quick Summary Sam Hartman
- Re: OpenPGP Minutes / Quick Summary vedaal
- Re: OpenPGP Minutes / Quick Summary Daniel A. Nagy
- Re: OpenPGP Minutes / Quick Summary Brian G. Peterson
- Re: OpenPGP Minutes / Quick Summary Cat Okita
- Re: OpenPGP Minutes / Quick Summary Derek Atkins
- Re: OpenPGP Minutes / Quick Summary Ian G
- Re: OpenPGP Minutes / Quick Summary Derek Atkins
- Re: OpenPGP Minutes / Quick Summary Werner Koch
- Re: OpenPGP Minutes / Quick Summary David Shaw
- Re: OpenPGP Minutes / Quick Summary Hironobu SUZUKI
- Re: OpenPGP Minutes / Quick Summary Jon Callas
- Re: OpenPGP Minutes / Quick Summary Thomas Roessler
- Re: OpenPGP/MIME changes Brian G. Peterson
- Re: OpenPGP Minutes / Quick Summary Cat Okita
- Re: OpenPGP Minutes / Quick Summary Peter Gutmann
- Re: OpenPGP/MIME changes Jon Callas
- Re: OpenPGP Minutes / Quick Summary vedaal
- Re: OpenPGP Minutes / Quick Summary Jon Callas
- Re: OpenPGP Minutes / Quick Summary Thomas Roessler
- Re: OpenPGP/MIME changes Thomas Roessler
- Re: OpenPGP Minutes / Quick Summary Thomas Roessler
- Re: OpenPGP Minutes / Quick Summary Derek Atkins <derek@ihtfp.com>
- Re: OpenPGP Minutes / Quick Summary Thomas Roessler
- Re: OpenPGP Minutes / Quick Summary Jon Callas
- Multisig (was: OpenPGP Minutes / Quick Summary) Werner Koch