ietf-openpgp
Re: "The OpenPGP mail and news header" extension

2005-08-15 02:43:44

David Srbecky <dsrbecky(_at_)gmail(_dot_)com> writes:

> Simon Josefsson wrote:
>> I understand.  Implement your scheme and write a draft about it!  I
>> think your ideas are too far-fetching to be reasonably added to this
>> document.  There are many details that have to be solved.
>
> Could you please outline a few of these details to be solved?

Canonicalization of the content to sign; it is not clear exactly what
data should be signed.  How to cope with gateways that modify the
message also needs to be discussed, e.g., you likely will need to use
7-bit MIME to be reasonably sure the message arrives intact.

The OpenPGP header is not intended to be security critical or
trustworthy.  The point of it was to assist mail clients or mailing
list software to be able to provide a better default user experience.
Changing that header to embed signature information changes the
fundamental assumption of what the header should be about, so I'd
rather not work on this now.

I do encourage you to try to experiment with the idea though.  The
tag=value structure of the OpenPGP header would allow you to use the
same header name, although if you want to support S/MIME signatures in
the same header, I think using Signature: may be cleaner.  And in
general, what the header is called is not that important.

Regards,
Simon
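
An added illustration of the canonicalization and gateway points raised in the message above; it is not code from the thread or from the draft. The canonical form (CRLF line endings, trailing whitespace dropped), the two simulated gateways and the sample bodies are assumptions constructed for the example.

```python
import hashlib
import quopri

def canonicalize(body: bytes) -> bytes:
    """Assumed canonical form: CRLF line endings, trailing spaces/tabs dropped."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    return b"\r\n".join(line.rstrip(b" \t") for line in lines)

def is_7bit(body: bytes) -> bool:
    return all(byte < 0x80 for byte in body)

def gateway_line_rewrite(body: bytes) -> bytes:
    """Simulated gateway: converts LF to CRLF and removes trailing spaces."""
    return b"\r\n".join(line.rstrip(b" ") for line in body.split(b"\n"))

def gateway_8bit_downgrade(body: bytes) -> bytes:
    """Simulated gateway: re-encodes 8-bit bodies as quoted-printable."""
    return body if is_7bit(body) else quopri.encodestring(body)

def digest_survives(sent: bytes, gateway) -> dict:
    """Does the digest a signature would cover match after transit?"""
    received = gateway(sent)
    sha = lambda data: hashlib.sha256(data).hexdigest()
    return {
        # Digest over the bytes exactly as sent and as received.
        "raw": sha(sent) == sha(received),
        # Digest over the canonical form computed independently on each side.
        "canonical": sha(canonicalize(sent)) == sha(canonicalize(received)),
    }

# Constructed sample bodies.
ASCII_BODY = b"Hello list,\nplain ASCII with trailing spaces.  \nRegards\n"
UTF8_BODY = "Hej listan,\nsm\u00f6rg\u00e5sbord\n".encode("utf-8")
UTF8_AS_QP = quopri.encodestring(UTF8_BODY)  # encoded to 7-bit before signing

if __name__ == "__main__":
    for name, body, gw in [
        ("ascii / line rewrite", ASCII_BODY, gateway_line_rewrite),
        ("utf-8 / 8-bit downgrade", UTF8_BODY, gateway_8bit_downgrade),
        ("utf-8 as QP / 8-bit downgrade", UTF8_AS_QP, gateway_8bit_downgrade),
    ]:
        print(name, digest_survives(body, gw))
```

Canonicalization absorbs the line-ending rewrite, but only signing the already 7-bit form survives the transfer-encoding change.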