Re: MIME media type literal packet in OpenPGP

"Daniel A. Nagy" <nagydani@epointsystem.org> Fri, 11 March 2011 21:24 UTC

Message-ID: <4D7A931A.6020503@epointsystem.org>
Date: Fri, 11 Mar 2011 22:24:42 +0100
From: "Daniel A. Nagy" <nagydani@epointsystem.org>
Organization: ePoint Systems Ltd.
To: Vinnie Moscaritolo <vinnie@pgpeng.com>
CC: IETF OpenPGP Working Group <ietf-openpgp@imc.org>
Subject: Re: MIME media type literal packet in OpenPGP

On 03/11/2011 07:39 PM, Vinnie Moscaritolo wrote:
> * PGP Signed: 03/11/2011 at 10:39:52 AM
> Greetings;
> 
> I just posted an informational draft about some minor changes that the
> PGP SDK is now supporting. Comments and complaints are welcome.

Hello,

I have two complaints about this proposal:

1. There is an already widely used way of encapsulating MIME content
into PGP messages, PGP/MIME (a.k.a. RFC 3156), and this proposal is not
compatible with it.

2. In this proposal, the MIME type would not be part of the hashed content
for digital signatures, meaning that it can be changed without breaking
the digital signature. This is dangerous. PGP/MIME does not have this
weakness.

-- 
Daniel
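
Added example (not part of the original message and not code from the draft or any PGP implementation): a sketch of point 2, computing the digest a v4 binary-document signature covers under RFC 4880 and comparing it with a digest over a PGP/MIME entity per RFC 3156. The draft's field layout is not shown on this page, so the literal packet's existing filename and date fields stand in for unhashed metadata; function names and sample values are constructed for illustration.

```python
import hashlib
import struct

def literal_packet(body, filename, fmt=b"b", date=0):
    """Build an RFC 4880 5.9 Literal Data packet (tag 11, new-format header)."""
    payload = fmt + bytes([len(filename)]) + filename + struct.pack(">I", date) + body
    if len(payload) >= 192:
        raise ValueError("example only handles one-octet packet lengths")
    return bytes([0xC0 | 11, len(payload)]) + payload

def parse_literal(packet):
    """Split a literal packet into its metadata fields and body."""
    if packet[0] != (0xC0 | 11) or packet[1] >= 192:
        raise ValueError("not a short new-format literal data packet")
    p = packet[2:2 + packet[1]]
    n = p[1]  # filename length
    return {"format": p[0:1], "filename": p[2:2 + n],
            "date": struct.unpack(">I", p[2 + n:6 + n])[0], "body": p[6 + n:]}

def v4_digest(data, created=1299878682):
    """SHA-256 input of a v4 signature, type 0x00 (RFC 4880 5.2.4): data + sig fields + trailer."""
    hashed_sub = bytes([5, 2]) + struct.pack(">I", created)  # creation-time subpacket
    # version 4, sig type 0x00, pubkey algo 1 (RSA), hash algo 8 (SHA-256)
    sig_fields = bytes([4, 0x00, 1, 8]) + struct.pack(">H", len(hashed_sub)) + hashed_sub
    trailer = bytes([4, 0xFF]) + struct.pack(">I", len(sig_fields))
    return hashlib.sha256(data + sig_fields + trailer).digest()

def literal_sig_digest(packet):
    """Only the literal packet's body is hashed; its header metadata is not."""
    return v4_digest(parse_literal(packet)["body"])

def mime_entity(content_type, body):
    """PGP/MIME signs the whole MIME entity, Content-Type header included."""
    return b"Content-Type: " + content_type + b"\r\n\r\n" + body

def demo():
    body = b"Quarterly figures attached.\r\n"  # constructed sample content
    a = literal_packet(body, b"report.txt", date=1299878682)
    b = literal_packet(body, b"report.html", date=1)  # metadata altered, body intact
    return {
        "packets_differ": a != b,
        "literal_digest_equal": literal_sig_digest(a) == literal_sig_digest(b),
        "mime_digest_equal": v4_digest(mime_entity(b"text/plain", body))
                             == v4_digest(mime_entity(b"text/html", body)),
    }

if __name__ == "__main__":
    print(demo())
```

A verifier that needs the content type to be authentic has to take it from data the signature actually covers, as in the PGP/MIME case here, rather than from literal packet header fields.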