ietf
[Top] [All Lists]

Re: Media type for PGP message?

2014-10-14 07:06:24
----- Original Message -----
From: "Scott Kitterman" <scott(_at_)kitterman(_dot_)com>
To: "IETF-Discussion Discussion" <ietf(_at_)ietf(_dot_)org>
Sent: Tuesday, October 14, 2014 4:15 AM
On Monday, October 13, 2014 21:35:56 John C Klensin wrote:
--On Monday, 13 October, 2014 20:25 -0400 Scott Kitterman

<scott(_at_)kitterman(_dot_)com> wrote:
I went back and looked at a random sampling of the PGP
encrypted mails I've  received over the last couple of years.
100% of them were multipart:

Content-Type: multipart/encrypted;

  protocol="application/pgp-encrypted";

Interesting.  We must be seeing different communities.  Very
subjectively, I'd guess that about half of the PGP encrypted
(whether signed or not) and almost all of the
signed-but-not-encrypted messages are in ASCII armored form, not
multipart/encrypted.  I have speculations about the reasons for
both, but the bottom line in:

-- multipart/encrypted isn't as successful as we had expected

-- The ASCII armor format which, IIR, predates
multipart/encryption and may make up part of the reason for
Ned's observation that the PGP community didn't like MIME very
much, is still alive an well.

Ned is obviously correct -- ASCII armor doesn't do a thing for
complex, structured, messages while multipart/encrypted was
designed to handle them and does. But that fact has never
eliminated the cases in which the message payload is a singe,
text-style, body part and standalone PGP processors can created
a signed and/or encrypted block of text that is then pasted into
(really instead of) a conventional message.

   john

Virtually everyone I'm getting encrypted/signed mail from is running
Linux or
some other Unix like operating system and using GnuPG.  That may
account for
why I see what I see.  I did go back and look at a few signed mails
and they
are multipart as well:

I agree on the multipart/signed but also see

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9;
 rv:33.0) Gecko/20100101 Thunderbird/33.0

or

X-Mailer: Apple Mail (2.1878.6)

or the tell tale

Content-Type: multipart/signed;
 boundary="Apple-Mail=_37F6A3569C-4B34-48C7-8721-BF783436929";
 protocol="application/pgp-signature"; micalg=pgp-sha1

which look like other communities.

Tom Petch


Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-
signature"; boundary="..."
Content-Disposition: inline
....

Content-Type: text/plain; charset=utf-8
Content-Disposition: inline

...

Content-Type: application/pgp-signature; name="signature.asc"
Content-Transfer-Encoding: 7bit
Content-Description: Digital signature

YMMV, of course, but from where I sit at least it seems to be ~all one
way.

Scott K



<Prev in Thread] Current Thread [Next in Thread>