Re: [openpgp] Tag indicating a MIME content

David Shaw <dshaw@jabberwocky.com> Fri, 08 July 2016 01:26 UTC

From: David Shaw <dshaw@jabberwocky.com>
In-Reply-To: <87r3b5q2zq.fsf@wheatstone.g10code.de>
Date: Thu, 07 Jul 2016 21:26:34 -0400
Message-Id: <BC5E950B-7306-4A2B-84F3-04121D4BC3C8@jabberwocky.com>
References: <87r3b5q2zq.fsf@wheatstone.g10code.de>
To: Werner Koch <wk@gnupg.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/LFfw2f14Rwa3y_5o3sPAGoi9PkA>
Cc: openpgp@ietf.org
Subject: Re: [openpgp] Tag indicating a MIME content

> On Jul 7, 2016, at 4:14 AM, Werner Koch <wk@gnupg.org> wrote:
> 
> Hi,
> 
> I recall that an indication for a MIME content has been proposed many
> years ago but might have been forgotten.  Thus I propose this small
> change for 4880bis:
> 
> --8<---------------cut here---------------start------------->8---
> diff --git a/middle.mkd b/middle.mkd
> index 033f11f..5519be3 100644
> --- a/middle.mkd
> +++ b/middle.mkd
> @@ -2156,7 +2156,8 @@ ## {5.9} Literal Data Packet (Tag 11)
>     may need line ends converted to local form, or other text-mode
>     changes.  The tag 'u' (0x75) means the same as 't', but also
>     indicates that implementation believes that the literal data
> -    contains UTF-8 text.
> +    contains UTF-8 text.  If it is a 'm' (0x6d), then it contains a
> +    MIME message body part [](#RFC2045).
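
Review bot: the added sentence ("If it is a 'm' (0x6d), then it contains a MIME message body part") does not say whether 'm' data gets the text-mode treatment that the context lines give 't' (line ends converted to local form) or is passed through unchanged like binary data. The preceding sentence defines 'u' as "the same as 't'", so the new value should get an equally explicit statement, since line-ending conversion changes the octets a MIME parser sees. Wording nit in the same line: "a 'm'" should read "an 'm'".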

I am in favor of this (I vaguely recall when it was originally suggested).  I do have one suggestion though - this field (like the literal packet filename and timestamp) isn't covered by a signature, so can be changed invisibly in transit.  That's not news, but I think it might be worth calling that out explicitly to avoid future surprise.

Perhaps something like "Note that the formatting octet, the file name, and the date field of the literal packet are not included in a signature hash and thus are not protected against tampering in a signed document."

David
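
Added example, not part of the original message and not code from any OpenPGP implementation: a minimal Python parser for a new-format Literal Data Packet (RFC 4880 section 5.9) that shows which octets a binary (type 0x00) document signature hashes. The helper names and the sample packets are constructed for illustration; partial body lengths, old-format headers and text-mode canonicalization are not handled.

```python
import hashlib
import struct

LITERAL_TAG = 11  # Literal Data Packet, RFC 4880 section 5.9

def build_literal(fmt: bytes, filename: bytes, date: int, data: bytes) -> bytes:
    """Serialize a new-format literal data packet (body under 192 octets only)."""
    body = fmt + bytes([len(filename)]) + filename + struct.pack(">I", date) + data
    if len(body) >= 192:
        raise ValueError("this example only emits one-octet lengths")
    return bytes([0xC0 | LITERAL_TAG, len(body)]) + body

def parse_literal(packet: bytes) -> dict:
    """Split a new-format literal data packet into its fields."""
    if len(packet) < 8 or packet[0] != (0xC0 | LITERAL_TAG):
        raise ValueError("not a new-format literal data packet")
    first = packet[1]
    if first < 192:                      # one-octet length
        length, off = first, 2
    elif first < 224:                    # two-octet length
        length, off = ((first - 192) << 8) + packet[2] + 192, 3
    elif first == 255:                   # five-octet length
        length, off = struct.unpack(">I", packet[2:6])[0], 6
    else:
        raise ValueError("partial body lengths are not handled here")
    body = packet[off:off + length]
    if len(body) != length or length < 6 or 6 + body[1] > length:
        raise ValueError("truncated or malformed packet")
    end = 2 + body[1]                    # end of the file name field
    return {"format": body[0:1], "filename": body[2:end],
            "date": struct.unpack(">I", body[end:end + 4])[0],
            "data": body[end + 4:]}

def document_hash_input(packet: bytes) -> bytes:
    """Octets a binary signature hashes from this packet: the literal data only.
    The signature's own hashed fields and trailer are appended after this."""
    return parse_literal(packet)["data"]

def digest(packet: bytes) -> str:
    return hashlib.sha256(document_hash_input(packet)).hexdigest()

# Constructed samples: identical content, different format octet, name and date.
DATA = b"Content-Type: text/plain\r\n\r\nhello\r\n"
ORIGINAL = build_literal(b"t", b"note.txt", 1467900000, DATA)
ALTERED = build_literal(b"m", b"other.eml", 0, DATA)

if __name__ == "__main__":
    print(parse_literal(ORIGINAL)["format"], parse_literal(ALTERED)["format"])
    print(digest(ORIGINAL) == digest(ALTERED))
```

Because both packets feed the same octets into the hash, a verifier that needs the format octet, file name or date to be trustworthy has to carry them inside the signed content itself.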