I'm brend new on this mailing list, so my question is probably a bit annoying,
but it's not so easy to browse through the archive (and the minutes don't say
that much). Just in case you care, I'm interested in PGP more than in PEM,
even though I'm no real user of any of those. (I just happen to work on an
implementation of mime-pgp). My interest is to have a PGP-MIME structure,
and the PEM-MIME structure looks like a good starting point.
- What's the rationale behind having both 'protocol' and 'micalg' on the
multipart/signed type ?
On comp.mail.mime, Ned Freed said:
Rhys Weatherley said:
Interestingly, there seems to be no barrier to creating a multipart/signed
that contained a body part, a PEM signature, and a PGP signature for that
same
body part.
It was absolutely our intent to make this possible -- that's why the micalg
(formerly hashalg) allows for multiple algorithms. Of course its a bit nicer
if the same algorithm is used, but this works even if it isn't and still only
requires single pass processing on both ends.
I can see the interest of the micalg parameter, since it allows single pass
processing, and allows for multiple algorithms. But the protocol parameter
seems rather useless to me, and prevents the use of multiple signature parts.
So that the use of both pem and pgp signatures forces the use of a pem-signature
part even for pgp signatures or the opposite.
Why not drop that protocol param ?
- What's the point of having the 'protocol' argument on multipart/encrypted ?
Same question here, what's the use of the protocol param ?
- The PEM-MIME draft seems to "open" the structure of PEM messages. Or rather,
it pushes it from inside the PEM message to the MIME structure. But it has
been done only partly, it seems. Why has it been decided to stop here and not
have (for example) the signature being a private-key-encrypted part containing
the MD5 result ? This would allow fancy variations, like have the signature
itself public-key-encrypted (so that only selected people can know who signed
the document).
Stefan