[Top] [All Lists]

Re: expedience, consensus and editing

1997-11-29 21:56:25
Could you explain how the following detached signature would be
encoded using RFC1847/RFC2015?  Would you use multipart/signed or

multipart/signed, with no encoding for clear text. For opaque signing we
could either encode it with base64 or sign & encrypt.

This is not what I meant by a detached signature.  PGP supports the
concept of a signature which can be sent around independently of the data
it signs.  For example, I could request that someone send me a signature
on some data I received earlier.  They could create a signature on the
data and send it to me, without having to re-send the data itself.

Existing facilities can be used to do detached MIME signaturues. Specifically,
one constructs a message/external-body MIME object that contains a
content-md5 field describing the external data. One then signs this
part. The result is a detached signature that also contains a pointer
to the actual data which has been signed.

If you don't want the pointer then the right answer is to define a
MIME type for a existing PGP detached signature object.