From: Werner Koch <wk(_at_)gnupg(_dot_)org>
Subject: Re: OpenPGP vs. OpenPGP/MIME
(2) It's not clear how a receiving MUA should do when the value of the
protocol parameter is different from the value of content type (of
the first part for encryption and of the second part for
How an error is handled is not in the scope of most protocols. Do
whatever you see fits.
I understand what you mean. And I agree with you in many cases.
However, RFC 1847 is to define a signature service. If error handing
is implementation dependent, a broken multipart/security is verified
as GOOD in some MUAs and it is verified as BAD in other MUAs. This is
not good for signature services.
(3) It's not clear how a receiving MUA should do when the value of
the micalg parameter is differnt from the value specified in the
second part(e.g a PGP packet for PGP/MIME).
For PGP just ignore it. It does not make sense because you can't just
feed the hash into a OpenPGP verifier (there are other informations
needed to be hashed along with the message). Well, unless you want to
have a big monolithic application which can pass hash contexts around.
So, why is the micalg parameter a MUST?
--Kazu