ietf-openpgp
[Top] [All Lists]

"The OpenPGP mail and news header" extenssion

2005-08-10 11:14:16

Hello,

I have recently discovered the power of OpenPGP. However, some of my friends now complain that my messages either contain some strange ---SIGNATURE--- (inlining) or some strange attachment (PGP/MIME). Since I doubt that OpenPGP will ever be supported by *all* MUAs, I thing think that the only ultimate solution is to save the signature in the header.

I think this simple extension should be sufficient:

OpenPGP: id=12345678;
         url=http://example.com/key.txt;
         modification=Tue, 9 Aug 2005 13:59:18 +0200 (CEST);
         version=GnuPG v1.4.1 (MingW32);
         comment=Using GnuPG with Thunderbird;
         signature=iD8DBasdQFC+Jqasd5X6K7Lza8L3FgC3GU2joRAkV+AaJ9AqD/Fs=

'modification' holds the date of last modification of the public key; MUA can use it to detect whether the public key update is necessary. (not directly related to the topic, but good(?) idea anyway)

'version', 'comment' and 'signature' are taken from the "signature.asc" file and are intended to replace it.


What do you think?


PS: My opinion to the "Open Issues:'supports' field" is that is a very good idea, but OpenPGP header is the wrong location. I think it should be part of public key itself for two reasons: - The value would be unique and could be updated from keyserver at any time - It would be possible to get the value before you receive any mail from the given person.

> Should it be in preferred priority order?

Yes.

I would also add 'preferred' field, which could take values 'insecure', 'signed', 'encrypted' and 'signed,encrypted'.



PPS: Just out of curiosity, why are you using

OpenPGP: id=12345678;
         url=http://example.com/key.txt;

and not

OpenPGP-ID: 12345678
OpenPGP-URL: http://example.com/key.txt

I know, it looks better, but I am afraid it might be more difficult to implement and it might discourage developers from accepting the standard.



Regards,
David Srbecky