ietf-openpgp

Re: "The OpenPGP mail and news header" extension

2005-08-11 10:14:02
Simon Josefsson wrote:
David Srbecky <dsrbecky(_at_)gmail(_dot_)com> writes:
OpenPGP: id=12345678;
        url=http://example.com/key.txt;
        modification=Tue, 9 Aug 2005 13:59:18 +0200 (CEST);
        version=GnuPG v1.4.1 (MingW32);
        comment=Using GnuPG with Thunderbird;
        signature=iD8DBasdQFC+Jqasd5X6K7Lza8L3FgC3GU2joRAkV+AaJ9AqD/Fs=

'version', 'comment' and 'signature' are taken from the "signature.asc" file and are intended to replace it.


That is an interesting idea, and it does have some nice properties.

However, I'm not sure the OpenPGP community will be helped by having
yet another way of sending signed messages.  We have effectively three
different flavors today.  (Vanilla OpenPGP, PGP/MIME and a hybrid
scheme.) If you are complaining about a lack of implementation
support now, I doubt things won't be better with a fourth variant....

I am not complaining about a lack of implementation. There are always going to be people with old or incompatible clients - even if the implementation involved only a minor change of a single line of code! What I want is to use secure e-mail and not to bother anyone, at all - even at the cost that only a few people will be able to verify my signature. Such a standard does not exist yet and so I suggest one :-)



I would also add a preferred field, which could take values 'insecure', 'signed', 'encrypted' and 'signed,encrypted'.

I'm not sure a "signencrypt" value is useful.  Thoughts?

It makes it complete, but I agree with you. I do not see a reason why someone would like to receive an encrypted unsigned message. Thus, I would assume that preference=encrypt also means that the recipient wants to receive messages signed.

I don't think an "insecure" value is useful; if the preference token is
absent, that would mean the same as insecure.

Not necessarily. Absence of the preference token means that the sender does not support the preference token or intentionally has not expressed any preference.

On the other hand, preference=insecure means that the user does *not* want to receive any signed or encrypted messages. I would imagine that many mailing lists will use this option to keep their messages clean.

Maybe we can rename preference=insecure to something better. Ideas?

To sum it up:

OpenPGP: id=b565717f; url=http://josefsson.org/key.txt

Sender does not support the preference token or has not expressed any preference. You must decide whether to sign/encrypt the message.

OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=insecure

Sender does *not* want to receive any signed or encrypted messages.

OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=sign

Sender wants to receive signed unencrypted messages.

OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=encrypt

Sender wants to receive signed encrypted messages.


Thanks,
David

Attachment: signature.asc
Description: OpenPGP digital signature
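
Added example, not part of the original message or of any OpenPGP implementation: a Python sketch that parses the header format shown above (including the folded multi-line form) and maps the preference token to the behaviour listed in the "To sum it up" section. The function names, the sample constant and the handling of unrecognised values as "no preference" are assumptions.

```python
import re

# Semantics as summarised in the message above (a proposal, not a final spec).
# Value is (sign, encrypt) for mail sent to the header's author.
PREFERENCES = {
    "insecure": (False, False),
    "sign": (True, False),
    "encrypt": (True, True),  # in this proposal, encrypt also implies signed
}

# Sample input: the folded header from the message, shortened.
SAMPLE = (
    "OpenPGP: id=12345678;\n"
    "        url=http://example.com/key.txt;\n"
    "        version=GnuPG v1.4.1 (MingW32);\n"
    "        signature=iD8DBasdQFC+Jqasd5X6K7Lza8L3FgC3GU2joRAkV+AaJ9AqD/Fs=\n"
)

def parse_openpgp_header(raw):
    """Parse one 'OpenPGP:' header line (possibly folded) into a dict."""
    # Unfold continuation lines: newline followed by whitespace.
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw.strip())
    # Only the first ':' ends the header name; URLs and dates contain more.
    name, _, body = unfolded.partition(":")
    if name.strip().lower() != "openpgp":
        raise ValueError("not an OpenPGP header")
    fields = {}
    for part in body.split(";"):
        if not part.strip():
            continue
        # Split on the first '=' only: base64 values may end in '='.
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError("malformed field: %r" % part.strip())
        fields[key.strip().lower()] = value.strip()
    return fields

def reply_policy(fields):
    """Return (sign, encrypt), or None when the caller must decide."""
    pref = fields.get("preference")
    if pref is None:
        return None  # token absent: unsupported or no preference expressed
    # Assumption: an unrecognised value is treated like an absent token.
    return PREFERENCES.get(pref.lower())
```

Because the header travels outside the signed body, a client should treat the returned policy as a hint that local policy can override, for example by refusing to let `preference=insecure` disable encryption to a correspondent who has always received encrypted mail.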