[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Mutt & GnuPG

On Tue, May 13, 2003 at 07:44:56PM +0200, Viktor Rosenfeld wrote:
> Colin Watson wrote:
> > (Well, you could use traditional PGP clearsigning, I suppose; but that's
> > non-standard and often requires special processing.
> 
> In what way is clear-signing non-standard?

Hm, actually, RFC 2440 is standards track, so I may have been
overstating the case. However, in the case at hand, that of e-mail, RFC
2440 says:

   Note that many applications, particularly messaging applications,
   will want more advanced features as described in the OpenPGP-MIME
   document, RFC 2015. An application that implements OpenPGP for
   messaging SHOULD implement OpenPGP-MIME.

> Also, how does PGP/MIME take care of the special processing, as far as
> actually verifying the signature?

The Debian bug tracking system doesn't care; it just wants to ignore the
signature and extract the first few lines of plain text so that it can
figure out what package the bug is supposed to be against. With PGP/MIME
that's just the same as removing any other kind of attachment, but
clearsigning requires special processing.

E-mail *is* used for command-processing applications like this, and MIME
offers a general way of allowing senders to add extra junk to the
message without it getting in the way of plain text extraction for those
who want that. Program-specific syntax like clearsigning doesn't scale.

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]
Reply to: