ietf-openpgp

Re: Shortcomings of current schemes (Was: One-pass signatures)

1998-07-28 00:19:59
On Mon, Jul 27, 1998 at 09:47:11AM -0500, William H. Geiger III wrote:

> Take the example of a message that is clearsigned and sent
> to A. A receives the message, signs and encrypts the
> message and forwards it to B. When B receives the message
> and decrypts it he is presented with a literal packet that
> in fact contains a PGP clear-signed message.
>
> Now should B's software:
>
> 1. Assume that because it is a literal packet check no
> further (as per the spec).

Yes.  

> 2. Check the literal packet anyway, as unless it is
> checked the contents are unknown.

Unknown is not the right thing.  PGP's standard assumption
is that the user knows what to do with the content of a
literal data packet.

> Also what should A's software do when presented with the
> original clear-signed message to be signed & encrypted?
> Does it just dump the entire clearsigned message into a
> literal packet (as current implementations do) or should
> it somehow pre-process the message so the receiving
> software knows that there is additional PGP data contained
> in the message?

It should not preprocess the message.  Imagine that someone
sends me corrupted clear-signed messages and I want to
send them back...

My entire point is that PGP should not duplicate any of
MIME's efforts to give a sensible representation of
message content types.

tlr
-- 
Thomas Roessler · 74a353cc0b19 · dg1ktr · http://home.pages.de/~roessler/
     2048/CE6AC6C1 · 4E 04 F0 BC 72 FF 14 23 44 85 D1 A1 3B B0 73 C1
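
Added example, not part of the original message and not taken from any PGP implementation: a sketch of the two sides discussed in the thread, where A wraps the clear-signed text byte-for-byte into a literal data packet and B recovers it without interpreting it. It assumes the literal data packet layout of RFC 4880 section 5.9 (format octet, filename length, filename, 4-octet date, data) and a new-format header with a one-octet length; the function names, the sample text and the filename are constructed for illustration.

```python
import struct

CLEARSIGN_HEADER = b"-----BEGIN PGP SIGNED MESSAGE-----"
LITERAL_TAG = 0xC0 | 11  # new-format packet header octet for tag 11

# Constructed sample: what A received and re-wrapped (no real signature).
SAMPLE = (b"-----BEGIN PGP SIGNED MESSAGE-----\n\nhello B\n"
          b"-----BEGIN PGP SIGNATURE-----\n\n(constructed)\n"
          b"-----END PGP SIGNATURE-----\n")

def build_literal_packet(data, filename=b"", fmt=b"b", date=0):
    """A's side: wrap data byte-for-byte, no preprocessing."""
    body = fmt + bytes([len(filename)]) + filename + struct.pack(">I", date) + data
    if len(body) >= 192:
        raise ValueError("this sketch only emits one-octet lengths")
    return bytes([LITERAL_TAG, len(body)]) + body

def parse_literal_packet(packet):
    """B's side: split the packet into its fields; data stays opaque."""
    if len(packet) < 2 or packet[0] != LITERAL_TAG:
        raise ValueError("not a new-format literal data packet")
    length = packet[1]
    body = packet[2:2 + length]
    if length >= 192 or len(body) != length or length < 6:
        raise ValueError("unsupported length or truncated packet")
    name_len = body[1]
    if 6 + name_len > length:
        raise ValueError("filename runs past end of packet")
    (date,) = struct.unpack(">I", body[2 + name_len:6 + name_len])
    return {"format": body[0:1], "filename": body[2:2 + name_len],
            "date": date, "data": body[6 + name_len:]}

def looks_clearsigned(data):
    """Report-only check: nothing is verified, unwrapped or altered."""
    return any(line.rstrip() == CLEARSIGN_HEADER for line in data.splitlines())

if __name__ == "__main__":
    fields = parse_literal_packet(build_literal_packet(SAMPLE, b"fwd.asc"))
    print(fields["filename"], looks_clearsigned(fields["data"]))
```

The report-only helper leaves the decision about the inner signature to the user; the parser itself never recurses into the data, so a corrupted clear-signed message survives the round trip unchanged.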