In <005901be49ae$b4cb1da0$cd683c81(_at_)vaio-luke(_dot_)isl(_dot_)ntt(_dot_)co(_dot_)jp>, on 01/27/99 at 01:37 PM, " X c G" <hiro(_at_)isl(_dot_)ntt(_dot_)co(_dot_)jp> said:

> Another problem is conformance to the OpenPGP/MIME specification proposed by
> K. Yamamoto [OpenPGP/MIME]. For example, if an original message is using the
> 'Encrypted-then-Signed' service, the current implementation replaces the
> inner multipart/encrypted MIME object and this makes it impossible to verify
> the signature in the outer multipart/signed MIME object.

> Currently, I don't have the solutions for these problems. I'm just
> starting to grapple with them. I welcome your comments.

Signature retention is a big issue that I have been involved with on both
the PGP/MIME and now the OpenPGP working groups. Basically there are two
ways to accomplish this:

NON-MIME Approach:

The original sender of the message clearsigns the message then encrypts
the message (a two step process). This way the server decrypts &
re-encrypts the message and the signature is retained.

MIME Approach:

The original sender OpenPGP/MIME signs the message then OpenPGP/MIME
encrypts the message (again a two step process).

Unfortunately few mailers/plugins are designed to use this approach when
signing & encrypting a message. Instead they use the sign & encrypt
approach (one step process), with which signature retention is not possible
after decryption.

--
---------------------------------------------------------------
William H. Geiger III http://www.openpgp.net
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
---------------------------------------------------------------
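
The layering question discussed in this message, as an added example that is not part of the original thread: it compares what a decrypt-and-re-encrypt gateway does to a signature under the two orderings (signed then encrypted, and 'Encrypted-then-Signed'). HMAC-SHA256 and an XOR keystream are stand-ins for OpenPGP signing and encryption, and all keys, the message body and the function names are constructed for illustration.

```python
import hashlib
import hmac

# Stand-ins (assumptions, not OpenPGP): HMAC-SHA256 plays the signature,
# XOR with a SHAKE-256 keystream plays encryption. All values are constructed.
SENDER_KEY = b"sender-signing-key"
GATEWAY_KEY = b"gateway-encryption-key"
RECIPIENT_KEY = b"recipient-encryption-key"
BODY = b"Content-Type: text/plain\r\n\r\nquarterly figures attached\r\n"

def sign(data: bytes) -> bytes:
    return hmac.new(SENDER_KEY, data, hashlib.sha256).digest()

def verify(data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(data), sig)

def crypt(key: bytes, data: bytes) -> bytes:
    """XOR stream: the same call encrypts and decrypts (illustration only)."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def gateway_reencrypt(ciphertext: bytes) -> bytes:
    """What the server does: decrypt with its key, re-encrypt to the recipient."""
    return crypt(RECIPIENT_KEY, crypt(GATEWAY_KEY, ciphertext))

def signed_then_encrypted() -> bool:
    """Signature is the inner layer; the gateway only swaps the outer one."""
    inner = sign(BODY) + BODY                  # signed object: 32-byte sig + body
    delivered = gateway_reencrypt(crypt(GATEWAY_KEY, inner))
    opened = crypt(RECIPIENT_KEY, delivered)
    return verify(opened[32:], opened[:32])

def encrypted_then_signed() -> bool:
    """Signature covers the ciphertext; re-encryption changes the signed bytes."""
    inner = crypt(GATEWAY_KEY, BODY)
    sig = sign(inner)                          # outer signature over encrypted part
    replaced = gateway_reencrypt(inner)        # gateway replaces the inner object
    return verify(replaced, sig)

if __name__ == "__main__":
    print("signed-then-encrypted verifies after gateway:", signed_then_encrypted())
    print("encrypted-then-signed verifies after gateway:", encrypted_then_signed())
```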