Re: [openpgp] Context Parameters for Signing and Encryption

Steffen Nurpmeso <steffen@sdaoden.eu> Wed, 15 February 2023 22:55 UTC

Return-Path: <steffen@sdaoden.eu>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB83DC17CE88 for <openpgp@ietfa.amsl.com>; Wed, 15 Feb 2023 14:55:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2z18scGR9zIQ for <openpgp@ietfa.amsl.com>; Wed, 15 Feb 2023 14:55:10 -0800 (PST)
Received: from sdaoden.eu (sdaoden.eu [217.144.132.164]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DEC75C17CE8F for <openpgp@ietf.org>; Wed, 15 Feb 2023 14:55:08 -0800 (PST)
Date: Wed, 15 Feb 2023 23:55:04 +0100
Author: Steffen Nurpmeso <steffen@sdaoden.eu>
From: Steffen Nurpmeso <steffen@sdaoden.eu>
To: Bruce Walzer <bwalzer@59.ca>
Cc: openpgp@ietf.org
Message-ID: <20230215225504.BsMHE%steffen@sdaoden.eu>
In-Reply-To: <Y+1R4NSAW9asPWrE@watt.59.ca>
References: <87y1pcm3go.fsf@fifthhorseman.net> <87cz6ilr7w.fsf@fifthhorseman.net> <8B86FBCD-F723-4518-BE00-AE74FB2D47B2@andrewg.com> <k13jlbmfeU3h8dS-wAVK6aWpX_ZB2UW8AQDQpDU96H6_2zdtUNC9XXCrlq0oAL07Usueyn_TkPu_fA-V6V-UTtfFIVT43sDs7C-vh3aDDZ4=@protonmail.com> <467AF37A-34BE-4D10-99F5-E4421B7E6EF4@andrewg.com> <Y+1R4NSAW9asPWrE@watt.59.ca>
Mail-Followup-To: Bruce Walzer <bwalzer@59.ca>, openpgp@ietf.org
User-Agent: s-nail v14.9.24-411-g8db62d75cb
OpenPGP: id=EE19E1C1F2F7054F8D3954D8308964B51883A0DD; url=https://ftp.sdaoden.eu/steffen.asc; preference=signencrypt
BlahBlahBlah: Any stupid boy can crush a beetle. But all the professors in the world can make no bugs.
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/nwA0XCLzC8HEQm56S5Q0DJ_7udU>
Subject: Re: [openpgp] Context Parameters for Signing and Encryption
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Feb 2023 22:55:14 -0000

Bruce Walzer wrote in
 <Y+1R4NSAW9asPWrE@watt.59.ca>:
 |On Fri, Feb 10, 2023 at 02:49:32PM +0000, Andrew Gallagher wrote:
 |> On 10 Feb 2023, at 12:36, Daniel Huigens <d.huigens=40protonmail.com@dma\
 |> rc.ietf.org> wrote:
 ...
 |Another interesting question here is: how should we explain things to
 |the user when this check fails? Delegating the response to the

This is a great question.

 |application is fine only if the application is going to be able to
 |respond in a clear and understandable way. For example, encrypted
 |email borrows the idea of the envelope used in paper mail as the
 |concept for the encryption. How would this error condition be related

But .. Ach!, if only it would have been like this.
Isn't it one of the long standing problems that exactly that was
not done.  Still of today most signed emails come in MIMEified,
but without having at least a duplicate of the headers being part
of the signed range.  Let alone a sign-covered version of the key.
I like the PGP MIME multipart variant more than the S/MIME one,
but still it does not "simply" enwrap the original mail in another
envelope.

Even moreover, in fact people continue stuffing the headers of the
outermost "envelope" with myriads of ..peep.. (americans on the
list), some even put entire public (unverifiable, unsigned) PGP
keys there just to ship it.

If it would have been me with the new German passport >=20 years
ago, you know.  And just _do it_ like our forefathers and
foremothers had done it, just enwrap the mess and plaster your own
seal upon it!
Then again many US-ASCII based old hands / people (in OSS space at
least) still dislike and even actively counteract MIME as such.
(At least in BSD and maybe even nmh land, .. where i mostly
live.)

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)