ietf-openpgp
[Top] [All Lists]

Re: OpenPGP vs. OpenPGP/MIME

2002-01-25 10:55:20

The point behind the micalg= parameter was for ease in implementation
of a one-pass processing.  If you know in advance to setup an md5
or sha1 hash processor, you can process the message through the hash
before you get to the signature portion.

At least that was why it was done originally,

-derek

Simon Josefsson <simon+ietf-openpgp(_at_)josefsson(_dot_)org> writes:

Werner Koch <wk(_at_)gnupg(_dot_)org> writes:

(3) It's not clear how a receiving MUA should do when the value of
    the micalg parameter is differnt from the value specified in the
    second part(e.g a PGP packet for PGP/MIME).

For PGP just ignore it.  It does not make sense because you can't just
feed the hash into a OpenPGP verifier (there are other informations
needed to be hashed along with the message).

This view isn't consistent with how I read RFC 3156, it seems to
require that applications populate the field with the MIC algorithm
used to hash the message.  Using the wrong micalg value causes
problems.

IMHO either the micalg parameter should be made optional, or the
PGP/MIME spec should suggest using a dummy value ("micalg=pgp") to
signal to the application that the algorithm specified in the OpenPGP
blob should be used.

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord(_at_)MIT(_dot_)EDU                        PGP key available

<Prev in Thread] Current Thread [Next in Thread>