[openpgp] Re: Fwd: New Version Notification for draft-gallagher-email-invisible-signatures-00.txt

Heiko Schäfer <heiko.schaefer@posteo.de> Tue, 06 May 2025 09:38 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/xhc8O_tCXrIBCjPAr3PRBOJLNGc>

Hey Andrew, list,

> I have just uploaded a first draft that specifies a potential 
> replacement for cleartext-signed MIME email. This arose from one of 
> the discussions at the 9th OpenPGP Email Summit last month, where DKG, 
> Kai and I agreed to draw up a proposal based on the views expressed by 
> the attendees.
>
> Instead of including the signature as an attachment, we propose that 
> the signature is contained within a novel MIME header in the top-level 
> MIME part. The principal advantage of this is that naive MUAs should 
> silently ignore unknown MIME-part headers, which addresses the 
> “unknown attachment” UX problem when using traditional PGP/MIME.
>
> While this proposal only specifies an OpenPGP message format, it 
> should be extensible to similar signed-only MIME formats.

While I can't judge the finer points of MIME, the general direction of 
this idea seems very good to me, and very much worth pursuing.

As Vincent (and also Andrew) have argued over on [openpgp-email], I also 
believe that the attempts to handle OpenPGP signatures as attachments 
have been valiant and prolonged and haven't resulted in a good outcome.

Exploring a different path (as proposed in this draft) strikes me as 
very appropriate.

Thanks,
:) Heiko