Hi Werner,
On 03/15/2015 08:43 PM, Werner Koch wrote:
On Sat, 14 Mar 2015 21:49, tbray(_at_)textuality(_dot_)com said:
There’s one missing piece, the equivalent of HTTP Content-type. You can
easily encrypt anything - a message, a picture, a video - and send it off
What about using RFC-3156 PGP/MIME and set the Content-type?
If setting the Content-type to something different than
"application/octet-stream" would leak the Content-type to others or do
you have a different usage in mind?
There are related problems to this:
- RFC 3156 only considers the usage of ASCII armored data, we also like
to share encrypted binary files.
- Currently we "share" a blob with Content-type
"application/octet-stream", while we actually want something more
concrete that identifies OpenPGP-encrypted blobs. We don't use
"application/pgp-encrypted" as it is specified to only hold the version
number.
IIRC, a new flag 'm' for the Literal Data Packet was once suggest to
indicate the data has a MIME structure. That would allow to convey all
kind of meta information using a matured standard.
The related draft is here:
http://tools.ietf.org/html/draft-moscaritolo-openpgp-literal-01
I like this approach as it hides the MIME type in the encrypted header.
Having this and a MIME type for OpenPGP-encrypted blobs would solve the
problem for us, what about "application/pgp-encryption"?
Maybe I am overseeing something, so any pointers are appreciated :)
Regards
Dominik
signature.asc
Description: OpenPGP digital signature
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp