ietf-openpgp

[openpgp] MIME micalg parameter (was: MIME signature impact)

2015-04-08 07:11:57
On Tue,  7 Apr 2015 19:38, Neil_Hunsperger(_at_)symantec(_dot_)com said:

> One solution is PGP Partitioned format, which supports in-line
> signatures for ASCII bodies and detached signatures for other email

That was a kludge to support Outlook.  With Outlook < 2010 it was not
possible to send/receive arbitrary MIME mails because Outlook's crypto
layer processed all multipart/{encrypted,signed} mail before a plugin
could get its hands on it.  Well, there is a hack to work around that
which we used in GpgOL but it is using non-documented behaviour.  With
Outlook 2010 a new API exists to get the raw unprocessed mail before the
crypto layer kicks in and thus it is very likely that one can implement
PGP/MIME without resorting to the above hack.

IIRC, the Partitioned format has no means to guarantee the integrity of
the entire message and thus you can replace attachments.

> Using the above as a starting point, what aspect of a MIME signature's
> impact is left to solve?

The micalg parameter should be removed or made optional.  The micalg
needs to be emitted before the signed data and the signature.  It is
useless for OpenPGP and a major hassle for any one-pass creation of
signatures because only the signing tool can determine the used hash
algorithm from the set of signing keys.  This should not be
controversial because many MUAs use a fixed string anyway.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
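
An added example, not part of the original message: the OpenPGP signature packet records its own hash algorithm, so a verifier can read it there and compare it with the micalg value an MUA wrote into the multipart/signed header. The function names and the sample message (a truncated, constructed packet, not a valid signature) are assumptions made for illustration.

```python
import base64
from email import message_from_bytes

# OpenPGP hash algorithm IDs (RFC 4880, section 9.4) mapped to micalg names.
HASH_TO_MICALG = {1: "pgp-md5", 2: "pgp-sha1", 3: "pgp-ripemd160", 8: "pgp-sha256",
                  9: "pgp-sha384", 10: "pgp-sha512", 11: "pgp-sha224"}

def dearmor(text):
    """Decode an ASCII-armored block to raw packet bytes (CRC line ignored)."""
    lines = [l.strip() for l in text.strip().splitlines()]
    data = lines[lines.index("") + 1:-1]          # skip armor headers and END line
    return base64.b64decode("".join(l for l in data if not l.startswith("=")))

def signature_hash_id(pkt):
    """Return the hash algorithm octet of a leading v4 signature packet."""
    tag = pkt[0]
    if tag & 0x40:                                # new-format packet header
        ptype = tag & 0x3F
        hdr = 2 if pkt[1] < 192 else 3 if pkt[1] < 224 else 6
    else:                                         # old-format packet header
        ptype = (tag >> 2) & 0x0F
        hdr = 1 + {0: 1, 1: 2, 2: 4}[tag & 3]     # indeterminate length: KeyError
    if not tag & 0x80 or ptype != 2 or pkt[hdr] != 4:
        raise ValueError("not a version 4 signature packet")
    return pkt[hdr + 3]                           # version, sig type, pk algo, hash algo

def compare_micalg(raw):
    """Return (declared micalg, algorithm named by the signature packet itself)."""
    msg = message_from_bytes(raw)
    declared = (msg.get_param("micalg") or "").lower()
    sig_part = msg.get_payload()[1]               # second part carries the signature
    return declared, HASH_TO_MICALG[signature_hash_id(dearmor(sig_part.get_payload()))]

def sample_message():
    """Constructed message: header says pgp-sha1, signature packet says SHA-256."""
    # Truncated v4 packet (RSA, SHA-256); structurally parseable, not a valid signature.
    body = bytes([4, 0x00, 1, 8, 0, 0, 0, 0, 0xAB, 0xCD, 0x00, 0x08, 0xFF])
    pkt = bytes([0x88, len(body)]) + body
    armor = ("-----BEGIN PGP SIGNATURE-----\n\n" + base64.b64encode(pkt).decode()
             + "\n-----END PGP SIGNATURE-----\n")
    return ('MIME-Version: 1.0\nContent-Type: multipart/signed; micalg=pgp-sha1;\n'
            ' protocol="application/pgp-signature"; boundary="b"\n\n'
            "--b\nContent-Type: text/plain\n\nhello\n"
            "--b\nContent-Type: application/pgp-signature\n\n" + armor + "--b--\n").encode()

if __name__ == "__main__":
    print(compare_micalg(sample_message()))
```
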
