From owner-ietf-openpgp@mail.imc.org  Mon Jul  2 13:48:30 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id NAA05345
	for <openpgp-archive@odin.ietf.org>; Mon, 2 Jul 2001 13:48:29 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f62HRvU28656
	for ietf-openpgp-bks; Mon, 2 Jul 2001 10:27:57 -0700 (PDT)
Received: from hotmail.com (oe57.law3.hotmail.com [209.185.240.57])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f62HRtm28652
	for <ietf-openpgp@imc.org>; Mon, 2 Jul 2001 10:27:55 -0700 (PDT)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Mon, 2 Jul 2001 10:16:02 -0700
X-Originating-IP: [207.127.12.210]
From: "vedaal" <vedaal@hotmail.com>
To: <ietf-openpgp@imc.org>
Subject: separation of signed and encrypted pgp mesages into signed pgp messages
Date: Mon, 2 Jul 2001 13:15:27 -0400
MIME-Version: 1.0
Content-Type: text/plain;	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Message-ID: <OE57c4Iu1B6gVs1tIzm00000d3a@hotmail.com>
X-OriginalArrivalTime: 02 Jul 2001 17:16:02.0352 (UTC) FILETIME=[AB726B00:01C1031A]
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


-----BEGIN PGP SIGNED MESSAGE-----

There was a recent paper,
<http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html>
describing a flaw in the sign and encrypt function of Open PGP.

the author assumes that it is possible for the recipient
to strip off the encryption from a signed and encrypted pgp message, 
leaving only a verified signed message,
and that the ability to do this is ensured in the Open PGP Standard

{afaik} this can be done in pgp only when both the receiver and sender are
using RSA keys, 

{can be done only from 2.6.x with the simple one step command: 
 pgp -da(filename)
which will leave an armored signed message in text form, with a signature
that verifies in any version of pgp

cannot be done in later command line versions of pgp, as the -d command,
will just decrypt, and not leave a signature,   
the -b command will do the same.}

the people at sci.crypt seem to feel that as long as the program conforms
to pgp standards, such a separation is *do-able* for any key type, even if a
custom program must be written to do this.


does anyone know of any way that this separation can be done for a message 
signed and encrypted with a DH/dss key, 
with pgp, gpg or any other program, and, is it, in-fact, guaranteed by the 
Open PGP Standard, that it 'must' be so?

vedaal

-----BEGIN PGP SIGNATURE-----
Version: 6.5.8ckt _ build  6    http://www.ipgpp.com/
Comment: { Acts of Kindness better the World, and protect the Soul }
Comment: KeyID: 0x6A05A0B785306D25
Comment: Fingerprint: 96A6 5F71 1C43 8423  D9AE 02FD A711 97BA

-----END PGP SIGNATURE-----





From owner-ietf-openpgp@mail.imc.org  Mon Jul  2 14:37:58 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id OAA07010
	for <openpgp-archive@odin.ietf.org>; Mon, 2 Jul 2001 14:37:57 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f62IODo02830
	for ietf-openpgp-bks; Mon, 2 Jul 2001 11:24:13 -0700 (PDT)
Received: from merrymeet.com (merrymeet.com [63.73.97.162])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f62IOBm02821
	for <ietf-openpgp@imc.org>; Mon, 2 Jul 2001 11:24:11 -0700 (PDT)
Received: from [63.73.97.180] (64.69.113.115) by merrymeet.com with ESMTP
 (Eudora Internet Mail Server 3.0.3); Mon, 2 Jul 2001 11:23:56 -0700
Mime-Version: 1.0
X-Sender: jon@63.73.97.162
Message-Id: <p05100319b76667910158@[63.73.97.180]>
In-Reply-To: <OE57c4Iu1B6gVs1tIzm00000d3a@hotmail.com>
References: <OE57c4Iu1B6gVs1tIzm00000d3a@hotmail.com>
Date: Mon, 2 Jul 2001 11:15:39 -0700
To: "vedaal" <vedaal@hotmail.com>, <ietf-openpgp@imc.org>
From: Jon Callas <jon@callas.org>
Subject: Re: separation of signed and encrypted pgp mesages into signed
 pgp messages
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


At 1:15 PM -0400 7/2/01, vedaal wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>There was a recent paper,
><http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html>
>describing a flaw in the sign and encrypt function of Open PGP.
>

Well, while this is an interesting paper, it doesn't really describe a
cryptographic problem at all, it describes a semantic problem.

The problems he outlines don't require encryption, they all work equally
well with clear-signed messages, and as someone else pointed out probably
work just fine with unsigned messages for the simple reason that if someone
sends bare text, people tend to believe its authenticity.

>the author assumes that it is possible for the recipient
>to strip off the encryption from a signed and encrypted pgp message,
>leaving only a verified signed message,
>and that the ability to do this is ensured in the Open PGP Standard
>
>{afaik} this can be done in pgp only when both the receiver and sender are
>using RSA keys,
>

OpenPGP describes that a message is signed, and then the bundle of the
plaintext and signature are encrypted. So yes, it's certainly possible for
someone to decrypt a message and you then have in your hands a signed
message. It does *not* matter what key type it is; the packet formats are
the same no matter what the key type.

>{can be done only from 2.6.x with the simple one step command:
> pgp -da(filename)
>which will leave an armored signed message in text form, with a signature
>that verifies in any version of pgp
>
>cannot be done in later command line versions of pgp, as the -d command,
>will just decrypt, and not leave a signature,
>the -b command will do the same.}
>
>the people at sci.crypt seem to feel that as long as the program conforms
>to pgp standards, such a separation is *do-able* for any key type, even if a
>custom program must be written to do this.
>
>
>does anyone know of any way that this separation can be done for a message
>signed and encrypted with a DH/dss key,
>with pgp, gpg or any other program, and, is it, in-fact, guaranteed by the
>Open PGP Standard, that it 'must' be so?
>

Take a look at the RFC. Look in particular at Section 10.2. There's nothing
in there that specifies what the key type is.

	Jon



From owner-ietf-openpgp@mail.imc.org  Mon Jul  2 16:46:17 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id QAA00188
	for <openpgp-archive@odin.ietf.org>; Mon, 2 Jul 2001 16:46:15 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f62KbW614760
	for ietf-openpgp-bks; Mon, 2 Jul 2001 13:37:32 -0700 (PDT)
Received: from xfw.transarc.ibm.com (xfw.transarc.ibm.com [192.54.226.51])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f62KbMm14743
	for <ietf-openpgp@imc.org>; Mon, 2 Jul 2001 13:37:30 -0700 (PDT)
Received: from mailhost.transarc.ibm.com (mailhost.transarc.ibm.com [9.38.192.124]) by xfw.transarc.ibm.com (AIX4.3/UCB 8.7/8.7) with ESMTP id QAA25838 for <ietf-openpgp@imc.org>; Mon, 2 Jul 2001 16:30:04 -0400 (EDT)
Received: from mwyoung (dhcp-197-83.transarc.ibm.com [9.38.197.83]) by mailhost.transarc.ibm.com (8.8.0/8.8.0) with SMTP id QAA04272 for <ietf-openpgp@imc.org>; Mon, 2 Jul 2001 16:37:15 -0400 (EDT)
Message-ID: <022801c10336$af8179e0$c23fa8c0@transarc.ibm.com>
From: "Michael Young" <mwy-opgp97@the-youngs.org>
To: <ietf-openpgp@imc.org>
References: <OE57c4Iu1B6gVs1tIzm00000d3a@hotmail.com>
Subject: Re: separation of signed and encrypted pgp mesages into signed pgp messages
Date: Mon, 2 Jul 2001 16:35:51 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


-----BEGIN PGP SIGNED MESSAGE-----

> There was a recent paper,
> <http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html>
> describing a flaw in the sign and encrypt function of Open PGP.

Despite the gratuitously over-hyped title, the paper does make it
clear that the "flaw" is one of understanding.  In particular, it is
necessary to understand *what* is being signed, and for many systems,
it is *only* the message body.  Unsigned material, including headers
(sender, receiver, and what-not), can be changed.  If you want clear
identities (or other context) in the signed text, you need to put
them there.

Yes, some products gloss over the details.  PGP, for instance,
labels the function "Encrypt&Sign" when it really works in the
other order.

> the author assumes that it is possible for the recipient
> to strip off the encryption from a signed and encrypted pgp message, 
> leaving only a verified signed message,
> and that the ability to do this is ensured in the Open PGP Standard

Yes.  This *can* be a desirable feature.  If you don't like it, you
can: (a) include enough context in the signed material; and/or, (b)
manually encrypt, then sign (but as the paper points out, doing so
without context offers only marginally different protection).  I'd be
more than happy for end-user agents to offer to do one or both.  I
would not be happy with the specification mandating particular agent
behavior -- it does not appear to mandate sign-then-encrypt now.

> {afaik} this can be done in pgp only when both the receiver and sender are
> using RSA keys, 

No.  The specification does not tie packet composition to the type
of key used.  [But in practice: newer PGP versions that support DSA/DH
keys also support one-pass signatures, so they may have extra packets,
but this has no bearing on the "problem" at hand.]

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

-----END PGP SIGNATURE-----
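
Added example, not part of any list message and not code from PGP or GnuPG: a Python reader for RFC 2440 packet headers, run over constructed packet sequences, illustrating the point in Jon Callas's and Michael Young's replies that what remains after decryption has the same packet layout whether the signer's key is RSA or DSA, with or without a one-pass signature packet. The helper names, key ids and signature bytes are assumptions made for the illustration; the sample signatures are placeholders and do not verify.

```python
TAG_NAMES = {1: "pk-encrypted-session-key", 2: "signature",
             4: "one-pass-signature", 8: "compressed-data",
             9: "symmetrically-encrypted-data", 11: "literal-data"}
PK_ALGOS = {1: "RSA", 16: "Elgamal", 17: "DSA"}


def read_packets(data):
    """Return [(tag, body)] for a packet sequence (old and new header formats)."""
    packets, pos = [], 0
    while pos < len(data):
        first = data[pos]
        pos += 1
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet: bit 7 of the tag octet is clear")
        if first & 0x40:                          # new format: tag in bits 5-0
            tag, o1 = first & 0x3F, data[pos]
            if o1 < 192:                          # one-octet length
                length, pos = o1, pos + 1
            elif o1 < 224:                        # two-octet length
                length, pos = ((o1 - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif o1 == 255:                       # five-octet length
                length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
            else:
                raise ValueError("partial body lengths are not supported here")
        else:                                     # old format: tag in bits 5-2
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:
                raise ValueError("indeterminate lengths are not supported here")
            size = (1, 2, 4)[ltype]
            length, pos = int.from_bytes(data[pos:pos + size], "big"), pos + size
        if pos + length > len(data):
            raise ValueError("truncated packet")
        packets.append((tag, data[pos:pos + length]))
        pos += length
    return packets


def signing_algorithm(tag, body):
    """Public-key algorithm id stored inside a signature or one-pass packet."""
    if tag == 4:                       # one-pass: version, sig type, hash, pk algo
        return body[3]
    if tag == 2 and body[0] == 3:      # v3: after 4-octet time and 8-octet key id
        return body[15]
    if tag == 2 and body[0] == 4:      # v4: version, sig type, pk algo
        return body[2]
    return None


def describe(data):
    """Return [(packet name, signer key algorithm or None)] in wire order."""
    out = []
    for tag, body in read_packets(data):
        algo = signing_algorithm(tag, body)
        out.append((TAG_NAMES.get(tag, "tag-%d" % tag),
                    None if algo is None else PK_ALGOS.get(algo, "unknown")))
    return out


def layout(data):
    """Packet names only: the part the message grammar is written in terms of."""
    return [name for name, _ in describe(data)]


def old_packet(tag, body):
    """Encode one old-format packet with a one-octet length (sample data only)."""
    assert len(body) < 256
    return bytes([0x80 | (tag << 2), len(body)]) + body


def sample_signed_message(pk_algo, one_pass):
    """Constructed plaintext of a sign-then-encrypt message, as seen after decryption."""
    key_id = bytes(8)                                   # placeholder key id
    literal = b"b" + bytes([0]) + bytes(4) + b"constructed sample text\n"
    # v3 signature body; the trailing MPI is a placeholder, not a valid signature.
    sig = (bytes([3, 5, 0x00]) + bytes(4) + key_id +
           bytes([pk_algo, 2]) + bytes(2) + b"\x00\x08\xff")
    if one_pass:
        header = bytes([3, 0x00, 2, pk_algo]) + key_id + bytes([1])
        return old_packet(4, header) + old_packet(11, literal) + old_packet(2, sig)
    return old_packet(2, sig) + old_packet(11, literal)


if __name__ == "__main__":
    for algo in (1, 17):
        for one_pass in (False, True):
            print(PK_ALGOS[algo], one_pass, describe(sample_signed_message(algo, one_pass)))
```

The key algorithm appears only as a field inside the signature and one-pass packets; the sequence of packet tags is identical for both key types.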




From owner-ietf-openpgp@mail.imc.org  Tue Jul  3 06:02:30 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id GAA20326
	for <openpgp-archive@odin.ietf.org>; Tue, 3 Jul 2001 06:02:28 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f639k9c07252
	for ietf-openpgp-bks; Tue, 3 Jul 2001 02:46:09 -0700 (PDT)
Received: from smtp2.nikoma.de (smtp2.nikoma.de [212.122.128.25])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f639k7m07248
	for <ietf-openpgp@imc.org>; Tue, 3 Jul 2001 02:46:07 -0700 (PDT)
Received: from sobolev.does-not-exist.org (dialin181.pg4-nt.dusseldorf.nikoma.de [213.54.99.181])
	by smtp2.nikoma.de (8.9.3/8.9.3) with ESMTP id LAA84311
	for <ietf-openpgp@imc.org>; Tue, 3 Jul 2001 11:45:47 +0200 (CEST)
	(envelope-from roessler@does-not-exist.org)
Received: by sobolev.does-not-exist.org (Postfix, from userid 1000)
	id 276762ED15; Tue,  3 Jul 2001 11:44:48 +0200 (CEST)
Date: Tue, 3 Jul 2001 11:44:48 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
Subject: [urgent] PGP/MIME IANA considerations: file extensions, Macintosh file type codes.
Message-ID: <20010703114448.C32064@sobolev.does-not-exist.org>
Mail-Followup-To: "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
User-Agent: Mutt/1.3.19i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


IESG requests that we add an IANA consideration section to the 
PGP/MIME text.

This section should also contain indications of file extensions and 
Macintosh file type codes to be used for the media types we define.

I suppose that we should list none for application/pgp-encrypted, 
and .asc as the file extension for application/pgp-signature and 
application/pgp-keys.  However, what are the Macintosh File Type 
Codes to be used for the latter two media types?

Please reply ASAP.

-- 
Thomas Roessler                        http://log.does-not-exist.org/


From owner-ietf-openpgp@mail.imc.org  Tue Jul  3 13:03:01 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id NAA12529
	for <openpgp-archive@odin.ietf.org>; Tue, 3 Jul 2001 13:03:00 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f63Grip22571
	for ietf-openpgp-bks; Tue, 3 Jul 2001 09:53:44 -0700 (PDT)
Received: from gateway.idio.com (cx45287-a.pwy1.sdca.home.com [24.0.170.105])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f63Grgm22567
	for <ietf-openpgp@imc.org>; Tue, 3 Jul 2001 09:53:42 -0700 (PDT)
Received: from [192.168.16.5] (burns.idio.com [192.168.16.5])
	by gateway.idio.com (Postfix) with ESMTP
	id 5FBA2192D; Tue,  3 Jul 2001 16:53:39 +0000 (GMT)
Mime-Version: 1.0
X-Sender: mclow@owl.csusm.edu (Unverified)
Message-Id: <p05001903b767a7edeb15@[192.168.16.5]>
In-Reply-To: <20010703114448.C32064@sobolev.does-not-exist.org>
References: <20010703114448.C32064@sobolev.does-not-exist.org>
Date: Tue, 3 Jul 2001 09:53:39 -0700
To: Thomas Roessler <roessler@does-not-exist.org>
From: Marshall Clow <mclow@owl.csusm.edu>
Subject: Re: [urgent] PGP/MIME IANA considerations: file extensions,
 Macintosh file type codes.
Cc: "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


>IESG requests that we add an IANA consideration section to the PGP/MIME text.
>
>This section should also contain indications of file extensions and Macintosh file type codes to be used for the media types we define.
>
>I suppose that we should list none for application/pgp-encrypted, and .asc as the file extension for application/pgp-signature and application/pgp-keys.  However, what are the Macintosh File Type Codes to be used for the latter two media types?

PGP 7.03 uses the following types:

PGP Encrypted file:		pgEF
Detached Signature:		pgDS
Public Key Files:		pgPR
Secret Key Files:		pgRR
-- 
-- Marshall

Marshall Clow     Idio Software   <mailto:marshall@idio.com>

Warning: Objects in calendar are closer than they appear.


From owner-ietf-openpgp@mail.imc.org  Thu Jul  5 18:18:23 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA28916
	for <openpgp-archive@odin.ietf.org>; Thu, 5 Jul 2001 18:18:22 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f65M6rX25943
	for ietf-openpgp-bks; Thu, 5 Jul 2001 15:06:53 -0700 (PDT)
Received: from mage.qualcomm.com (mage.qualcomm.com [129.46.65.64])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f65M6mm25939
	for <ietf-openpgp@imc.org>; Thu, 5 Jul 2001 15:06:52 -0700 (PDT)
Received: from [129.46.76.217] (dhcp114.qualcomm.com [129.46.76.217])
	by mage.qualcomm.com (8.11.3/8.11.3/1.0) with ESMTP id f65M6mK11807;
	Thu, 5 Jul 2001 15:06:48 -0700 (PDT)
Mime-Version: 1.0
X-Sender: jwn2@mage.qualcomm.com
Message-Id: <a0510030cb76a8baed6d7@[129.46.76.217]>
In-Reply-To: <p05001903b767a7edeb15@[192.168.16.5]>
References: <20010703114448.C32064@sobolev.does-not-exist.org>
 <p05001903b767a7edeb15@[192.168.16.5]>
X-Mailer: eudora51-0525011202
X-PGP-RSA-Fingerprint: EA53 01A6 C076 F9C2  09E8 9480 645A 8857
X-PGP-DH-Fingerprint: 4F5E 56C9 BD4D 0227 331F 6AEE 9590 24F9 6FD7 04F8
Date: Thu, 5 Jul 2001 15:06:41 -0700
To: Thomas Roessler <roessler@does-not-exist.org>
From: John  W Noerenberg II <jwn2@qualcomm.com>
Subject: Re: [urgent] PGP/MIME IANA considerations: file extensions, 
 Macintosh file type codes.
Cc: Marshall Clow <mclow@owl.csusm.edu>,
        "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


At 9:53 AM -0700 7/3/01, Marshall Clow wrote:
>(Macintosh) PGP Encrypted file:		pgEF

This needs to be added to 9.1.  It's possible that a UA will write 
the encrypted data to a file.  It's helpful for Mac files to have the 
right type.  It certainly isn't harmful to the document to add it.

-- 
john noerenberg
jwn2@qualcomm.com
   --------------------------------------------------------------------
   There is no illusion more dangerous than the belief that the
   progress of science is predictable.
   -- Freeman Dyson, "Six Cautionary Tales for Scientists", 1988
   --------------------------------------------------------------------


From owner-ietf-openpgp@mail.imc.org  Thu Jul  5 18:33:01 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA29069
	for <openpgp-archive@odin.ietf.org>; Thu, 5 Jul 2001 18:33:01 -0400 (EDT)
Received: by above.proper.com (8.11.3/8.11.3) id f65MQuR26324
	for ietf-openpgp-bks; Thu, 5 Jul 2001 15:26:56 -0700 (PDT)
Received: from smtp1.nikoma.de (smtp1.nikoma.de [212.122.128.19])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f65MQsm26315
	for <ietf-openpgp@imc.org>; Thu, 5 Jul 2001 15:26:54 -0700 (PDT)
Received: from sobolev.does-not-exist.org (dialin47.pg4-nt.dusseldorf.nikoma.de [213.54.99.47])
	by smtp1.nikoma.de (8.9.3/8.9.3) with ESMTP id AAA19339;
	Fri, 6 Jul 2001 00:26:51 +0200 (CEST)
	(envelope-from roessler@does-not-exist.org)
Received: by sobolev.does-not-exist.org (Postfix, from userid 1000)
	id A0F622ED15; Fri,  6 Jul 2001 00:25:55 +0200 (CEST)
Date: Fri, 6 Jul 2001 00:25:55 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: John W Noerenberg II <jwn2@qualcomm.com>
Cc: Marshall Clow <mclow@owl.csusm.edu>,
        "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
Subject: Re: [urgent] PGP/MIME IANA considerations: file extensions, Macintosh file type codes.
Message-ID: <20010706002555.A23829@sobolev.does-not-exist.org>
Mail-Followup-To: John W Noerenberg II <jwn2@qualcomm.com>,
	Marshall Clow <mclow@owl.csusm.edu>,
	"openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
References: <20010703114448.C32064@sobolev.does-not-exist.org> <p05001903b767a7edeb15@[192.168.16.5]> <a0510030cb76a8baed6d7@[129.46.76.217]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
In-Reply-To: <a0510030cb76a8baed6d7@[129.46.76.217]>
User-Agent: Mutt/1.3.19i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On 2001-07-05 15:06:41 -0700, John W Noerenberg II wrote:

>>(Macintosh) PGP Encrypted file:		pgEF

>This needs to be added to 9.1.  

No.

>It's possible that a UA will write the encrypted data to a file. 
>It's helpful for Mac files to have the right type.  It certainly 
>isn't harmful to the document to add it.

The encrypted data is in an application/octet-stream body part 
(which is the second part of a multipart/encrypted), not in 
application/pgp-encrypted.  application/pgp-encrypted is the first 
part of a multipart/encrypted, which is supposed to hold meta 
information about the encrypted data.  With PGP/MIME, that's just a 
dummy, containing the character string "Version: 1".

See also section 4, and the example on page 5 of the draft.

-- 
Thomas Roessler                        http://log.does-not-exist.org/
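
Added example, not part of the message above and not taken from the draft: a Python check of the multipart/encrypted layout Thomas Roessler describes, where the first part (application/pgp-encrypted) holds only "Version: 1" and the OpenPGP data sits in the second part (application/octet-stream). The function names, addresses, boundary string and message bodies are constructed for the illustration.

```python
from email import message_from_string

# Constructed sample message; the armored body is a placeholder, not ciphertext.
GOOD = """\
From: alice@example.org
To: bob@example.org
Mime-Version: 1.0
Content-Type: multipart/encrypted; boundary="b1";
 protocol="application/pgp-encrypted"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

(constructed placeholder)
-----END PGP MESSAGE-----

--b1--
"""

# Constructed malformed variant: the first part carries the wrong media type.
BAD = GOOD.replace("application/pgp-encrypted\n\nVersion",
                   "application/octet-stream\n\nVersion")


def check_pgp_mime_encrypted(raw):
    """Return a list of structural problems; an empty list means well-formed."""
    msg = message_from_string(raw)
    if msg.get_content_type() != "multipart/encrypted":
        return ["top level is %s, not multipart/encrypted" % msg.get_content_type()]
    problems = []
    if (msg.get_param("protocol") or "").lower() != "application/pgp-encrypted":
        problems.append("protocol parameter is not application/pgp-encrypted")
    parts = msg.get_payload() if msg.is_multipart() else []
    if len(parts) != 2:
        problems.append("expected exactly 2 body parts, found %d" % len(parts))
        return problems
    control, data = parts
    if control.get_content_type() != "application/pgp-encrypted":
        problems.append("part 1 is %s, expected application/pgp-encrypted"
                        % control.get_content_type())
    elif (control.get_payload(decode=True) or b"").strip() != b"Version: 1":
        problems.append("part 1 does not consist of 'Version: 1'")
    if data.get_content_type() != "application/octet-stream":
        problems.append("part 2 is %s, expected application/octet-stream"
                        % data.get_content_type())
    return problems


def encrypted_payload(raw):
    """Return the bytes a user agent would save or decrypt: the second part only."""
    problems = check_pgp_mime_encrypted(raw)
    if problems:
        raise ValueError("; ".join(problems))
    return message_from_string(raw).get_payload()[1].get_payload(decode=True)


if __name__ == "__main__":
    print(check_pgp_mime_encrypted(GOOD))
    print(check_pgp_mime_encrypted(BAD))
    print(encrypted_payload(GOOD).decode("ascii"))
```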


From owner-ietf-openpgp@mail.imc.org  Fri Jul  6 06:59:43 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id GAA26570
	for <openpgp-archive@odin.ietf.org>; Fri, 6 Jul 2001 06:59:42 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f66AokN00160
	for ietf-openpgp-bks; Fri, 6 Jul 2001 03:50:46 -0700 (PDT)
Received: from ietf.org (odin.ietf.org [132.151.1.176])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f66Aoim00156
	for <ietf-openpgp@imc.org>; Fri, 6 Jul 2001 03:50:44 -0700 (PDT)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA25773;
	Fri, 6 Jul 2001 06:49:59 -0400 (EDT)
Message-Id: <200107061049.GAA25773@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-openpgp@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-openpgp-mime-07.txt
Date: Fri, 06 Jul 2001 06:49:59 -0400
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the An Open Specification for Pretty Good Privacy Working Group of the IETF.

	Title		: MIME Security with OpenPGP
	Author(s)	: M. Elkins, D. Del Torto, R. Levien, T. Roessler
	Filename	: draft-ietf-openpgp-mime-07.txt
	Pages		: 15
	Date		: 05-Jul-01
	
This document describes how the OpenPGP Message Format [1] can be
used to provide privacy and authentication using the Multipurpose
Internet Mail Extensions (MIME) security content types described in
RFC1847 [2].
This draft is being discussed on the 'ietf-openpgp' mailing list.  To
join the list, send a message to <ietf-openpgp-request@imc.org> with
the single word 'subscribe' in the subject.  An archive of the
working group's list is located at <http://www.imc.org/ietf-openpgp>.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-openpgp-mime-07.txt

--NextPart--




From owner-ietf-openpgp@mail.imc.org  Mon Jul 16 18:32:49 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA23786
	for <openpgp-archive@odin.ietf.org>; Mon, 16 Jul 2001 18:32:49 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f6GMH4227840
	for ietf-openpgp-bks; Mon, 16 Jul 2001 15:17:04 -0700 (PDT)
Received: from mail.arcor-ip.de (mail.arcor-ip.de [145.253.2.10] (may be forged))
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6GMH2q27836
	for <ietf-openpgp@imc.org>; Mon, 16 Jul 2001 15:17:03 -0700 (PDT)
Received: from localhost (212.144.246.111) by mail.arcor-ip.de (5.5.034)
        id 3B4F0EFE00067B8F for ietf-openpgp@imc.org; Tue, 17 Jul 2001 00:16:49 +0200
Received: by localhost (Postfix, from userid 500)
	id 578C018; Tue, 17 Jul 2001 00:20:03 +0200 (CEST)
Date: Tue, 17 Jul 2001 00:20:03 +0200
From: Ingo Luetkebohle <ingo@blank.pages.de>
To: ietf-openpgp@imc.org
Subject: Attribute certificates
Message-ID: <20010717002003.A1161@blank.pages.de>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="sdtB3X0nJg68CQEu"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Organization: Maybe when I grow up
X-URL: http://blank.pages.de/
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>



--sdtB3X0nJg68CQEu
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi,

has there been discussion of specifying something like X.509 attribute
certificates for PGP? Basically, an attribute certificate is a
certification that some arbitrary association holds for the key
owner. E.g., it could be used to certify membership to some group or
to express other information about the key owner.

Regards

-- 
	Ingo Luetkebohle / ingo@blank.pages.de / 95428014
/
| Student of Computational Linguistics & Computer Science;
| Fargonauten.DE sysadmin; Gimp Registry maintainer;
| FP: 3187 4DEC 47E6 1B1E 6F4F  57D4 CD90 C164 34AD CE5B

--sdtB3X0nJg68CQEu
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE7U2iTzZDBZDStzlsRAdqFAJ4vf/HpF6q805nsNvhTumIwC96ZdgCgs0jr
+R/HLboaYbVht2cVGHO4FAo=
=HT9k
-----END PGP SIGNATURE-----

--sdtB3X0nJg68CQEu--


From owner-ietf-openpgp@mail.imc.org  Mon Jul 16 19:23:28 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id TAA02657
	for <openpgp-archive@odin.ietf.org>; Mon, 16 Jul 2001 19:23:27 -0400 (EDT)
Received: by above.proper.com (8.11.3/8.11.3) id f6GNBKL29024
	for ietf-openpgp-bks; Mon, 16 Jul 2001 16:11:20 -0700 (PDT)
Received: from merrymeet.com (iMac@merrymeet.com [63.73.97.162])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6GNBHq29013
	for <ietf-openpgp@imc.org>; Mon, 16 Jul 2001 16:11:17 -0700 (PDT)
Received: from [63.73.97.180] (64.69.113.115) by merrymeet.com with ESMTP
 (Eudora Internet Mail Server 3.0.3); Mon, 16 Jul 2001 16:11:10 -0700
Mime-Version: 1.0
X-Sender: jon@63.73.97.162
Message-Id: <p0510030ab7792489778c@[63.73.97.180]>
In-Reply-To: <20010717002003.A1161@blank.pages.de>
References: <20010717002003.A1161@blank.pages.de>
Date: Mon, 16 Jul 2001 16:10:54 -0700
To: Ingo Luetkebohle <ingo@blank.pages.de>, ietf-openpgp@imc.org
From: Jon Callas <jon@callas.org>
Subject: Re: Attribute certificates
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


At 12:20 AM +0200 7/17/01, Ingo Luetkebohle wrote:
>Hi,
>
>has there been discussion of specifying something like X.509 attribute
>certificates for PGP? Basically, an attribute certificate is a
>certification that some arbitrary association holds for the key
>owner. E.g., it could be used to certify membership to some group or
>to express other information about the key owner.
>

Yes. The Standalone Signatures and Notation signature subpackets are
designed precisely to set up the sort of arbitrary associations that you're
looking for. But also, notations can be used in other signatures to put in
information like group membership and so on.

	Jon


From owner-ietf-openpgp@mail.imc.org  Tue Jul 17 15:31:40 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id PAA23637
	for <openpgp-archive@odin.ietf.org>; Tue, 17 Jul 2001 15:31:39 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f6HJLwR11810
	for ietf-openpgp-bks; Tue, 17 Jul 2001 12:21:58 -0700 (PDT)
Received: from mercury.rus.uni-stuttgart.de (mercury.rus.uni-stuttgart.de [129.69.1.226])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6HJLvq11806
	for <ietf-openpgp@imc.org>; Tue, 17 Jul 2001 12:21:57 -0700 (PDT)
Received: from rusfw by mercury.rus.uni-stuttgart.de with local (Exim 3.22 #1)
	id 15MaNz-000242-00
	for ietf-openpgp@imc.org; Tue, 17 Jul 2001 21:19:59 +0200
To: "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
Subject: Re: [urgent] PGP/MIME IANA considerations: file extensions, Macintosh file type codes.
References: <20010703114448.C32064@sobolev.does-not-exist.org>
From: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>
Date: 17 Jul 2001 21:19:59 +0200
In-Reply-To: <20010703114448.C32064@sobolev.does-not-exist.org> (Thomas Roessler's message of "Tue, 3 Jul 2001 11:44:48 +0200")
Message-ID: <tgae23qs68.fsf@mercury.rus.uni-stuttgart.de>
Lines: 34
User-Agent: Gnus/5.090001 (Oort Gnus v0.01) Emacs/20.7
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Excerpt from the current OpenPGP/MIME draft:

| 9.2.  Registration of the application/pgp-signature media type

|    Encoding considerations:
|
|       The content of this media type always consists of 7bit text.

|    Additional information:
|
|       Magic number(s): none
|       File extension(s): asc
|       Macintosh File Type Code(s): pgDS

| 9.3.  Registration of the application/pgp-keys media type

|    Encoding considerations:
|
|       The content of this media type always consists of 7bit text.

|    Additional information:
|
|       Magic number(s): none
|       File extension(s): asc
|       Macintosh File Type Code(s): pgPR

Doesn't Macintosh PGP (and perhaps other programs as well) store
binary data in pgDS/pgPR files as well?  That's why I don't think the
MIME types and Macintosh file types are equivalent.

-- 
Florian Weimer 	                  Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898


From owner-ietf-openpgp@mail.imc.org  Tue Jul 17 16:24:41 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id QAA06119
	for <openpgp-archive@odin.ietf.org>; Tue, 17 Jul 2001 16:24:41 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f6HKASU12774
	for ietf-openpgp-bks; Tue, 17 Jul 2001 13:10:28 -0700 (PDT)
Received: from enigma.cyphers.net (enigma.cyphers.net [64.220.173.136])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6HKAQq12770
	for <ietf-openpgp@imc.org>; Tue, 17 Jul 2001 13:10:26 -0700 (PDT)
Received: from cyphers.net (sncgw.nai.com [161.69.248.229]) by
          enigma.cyphers.net (Netscape Messaging Server 4.15) with ESMTP
          id GGMVQJ00.PH0; Tue, 17 Jul 2001 13:03:55 -0700 
Message-ID: <3B549BAF.D334E139@cyphers.net>
Date: Tue, 17 Jul 2001 13:10:23 -0700
From: Will Price <wprice@cyphers.net>
Reply-To: wprice@cyphers.net
X-Mailer: Mozilla 4.75 (Macintosh; U; PPC)
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>
CC: "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
Subject: Re: [urgent] PGP/MIME IANA considerations: file extensions, Macintosh 
 file type codes.
References: <20010703114448.C32064@sobolev.does-not-exist.org> <tgae23qs68.fsf@mercury.rus.uni-stuttgart.de>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


The "pgDS" file type is a Detached Signature. The correct file extension
for a detached signature is ".sig". These are ASCII files. They do *not*
use the ".asc" extension.

The "pgPR" file type is a Public Keyring file. The correct file extension
for a Public Keyring file is ".pkr". These are always binary files.

".asc" files sometimes contain keys, and sometimes contain encrypted
and/or signed data -- always in ASCII format. These files have no special
Macintosh file type. The file type for these is the standard "TEXT".

The "pgRR" file type is a Secret Keyring file. The correct file extension
for a Secret Keyring file is ".skr". These are always binary files.

The "pgEF" file type is a PGP encrypted and/or signed file. The correct
file extension for such a file is ".pgp". These are usually binary files,
but not always.



Florian Weimer wrote:
> 
> Excerpt from the current OpenPGP/MIME draft:
> 
> | 9.2.  Registration of the application/pgp-signature media type
> 
> |    Encoding considerations:
> |
> |       The content of this media type always consists of 7bit text.
> 
> |    Additional information:
> |
> |       Magic number(s): none
> |       File extension(s): asc
> |       Macintosh File Type Code(s): pgDS
> 
> | 9.3.  Registration of the application/pgp-keys media type
> 
> |    Encoding considerations:
> |
> |       The content of this media type always consists of 7bit text.
> 
> |    Additional information:
> |
> |       Magic number(s): none
> |       File extension(s): asc
> |       Macintosh File Type Code(s): pgPR
> 
> Doesn't Macintosh PGP (and perhaps other programs as well) store
> binary data in pgDS/pgPR files as well?  That's why I don't think the
> MIME types and Macintosh file types are equivalent.


-- 

Will Price, Director of Engineering
PGP Security, Inc.
a division of Network Associates, Inc.


From owner-ietf-openpgp@mail.imc.org  Tue Jul 17 16:53:13 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id QAA11230
	for <openpgp-archive@odin.ietf.org>; Tue, 17 Jul 2001 16:53:13 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f6HKiMm13575
	for ietf-openpgp-bks; Tue, 17 Jul 2001 13:44:22 -0700 (PDT)
Received: from rcn.ihtfp.org (me@ORANGE-TOUR.IHTFP.ORG [204.107.200.33])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6HKiKq13570
	for <ietf-openpgp@imc.org>; Tue, 17 Jul 2001 13:44:20 -0700 (PDT)
Received: (from warlord@localhost) by rcn.ihtfp.org (8.9.3)
	id QAA26620; Tue, 17 Jul 2001 16:44:15 -0400
To: wprice@cyphers.net
Cc: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>,
        "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
Subject: Re: [urgent] PGP/MIME IANA considerations: file extensions, Macintosh   file type codes.
References: <20010703114448.C32064@sobolev.does-not-exist.org> <tgae23qs68.fsf@mercury.rus.uni-stuttgart.de> <3B549BAF.D334E139@cyphers.net>
From: Derek Atkins <warlord@mit.edu>
Date: 17 Jul 2001 16:44:15 -0400
In-Reply-To: Will Price's message of "Tue, 17 Jul 2001 13:10:23 -0700"
Message-ID: <sjmpuazcmlc.fsf@rcn.ihtfp.org>
Lines: 14
X-Mailer: Gnus v5.5/Emacs 20.3
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Will Price <wprice@cyphers.net> writes:

> The "pgDS" file type is a Detached Signature. The correct file extension
> for a detached signature is ".sig". These are ASCII files. They do *not*
> use the ".asc" extension.

So you can't have a binary detached signature?  It must be ASCII?

-derek
-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available


From owner-ietf-openpgp@mail.imc.org  Tue Jul 17 17:10:05 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA15176
	for <openpgp-archive@odin.ietf.org>; Tue, 17 Jul 2001 17:10:05 -0400 (EDT)
Received: by above.proper.com (8.11.3/8.11.3) id f6HL0QY13934
	for ietf-openpgp-bks; Tue, 17 Jul 2001 14:00:26 -0700 (PDT)
Received: from mercury.rus.uni-stuttgart.de (mercury.rus.uni-stuttgart.de [129.69.1.226])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6HL0Pq13930
	for <ietf-openpgp@imc.org>; Tue, 17 Jul 2001 14:00:25 -0700 (PDT)
Received: from rusfw by mercury.rus.uni-stuttgart.de with local (Exim 3.22 #1)
	id 15MbvL-0002Kt-00; Tue, 17 Jul 2001 22:58:31 +0200
To: Derek Atkins <warlord@mit.edu>
Cc: wprice@cyphers.net, "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
Subject: Re: [urgent] PGP/MIME IANA considerations: file extensions, Macintosh   file type codes.
References: <20010703114448.C32064@sobolev.does-not-exist.org>
	<tgae23qs68.fsf@mercury.rus.uni-stuttgart.de>
	<3B549BAF.D334E139@cyphers.net> <sjmpuazcmlc.fsf@rcn.ihtfp.org>
From: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>
Date: 17 Jul 2001 22:58:31 +0200
In-Reply-To: <sjmpuazcmlc.fsf@rcn.ihtfp.org> (Derek Atkins's message of "17 Jul 2001 16:44:15 -0400")
Message-ID: <tg4rsbqnm0.fsf@mercury.rus.uni-stuttgart.de>
Lines: 19
User-Agent: Gnus/5.090001 (Oort Gnus v0.01) Emacs/20.7
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Derek Atkins <warlord@MIT.EDU> writes:

> Will Price <wprice@cyphers.net> writes:
> 
> > The "pgDS" file type is a Detached Signature. The correct file extension
> > for a detached signature is ".sig". These are ASCII files. They do *not*
> > use the ".asc" extension.
> 
> So you can't have a binary detached signature?

AFAIK, PGP 2.6.x can create such signatures, and there's nothing in
the OpenPGP standard which outlaws them, quite the contrary.  Probably
you only can't process them on the Mac due to lack of a proper file
type. :-/

-- 
Florian Weimer 	                  Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898


From owner-ietf-openpgp@mail.imc.org  Tue Jul 17 17:11:11 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA15468
	for <openpgp-archive@odin.ietf.org>; Tue, 17 Jul 2001 17:11:10 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f6HL1T513970
	for ietf-openpgp-bks; Tue, 17 Jul 2001 14:01:29 -0700 (PDT)
Received: from enigma.cyphers.net (enigma.cyphers.net [64.220.173.136])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6HL1Rq13966
	for <ietf-openpgp@imc.org>; Tue, 17 Jul 2001 14:01:27 -0700 (PDT)
Received: from cyphers.net (sncgw.nai.com [161.69.248.229]) by
          enigma.cyphers.net (Netscape Messaging Server 4.15) with ESMTP
          id GGMY3Q00.QFN; Tue, 17 Jul 2001 13:55:02 -0700 
Message-ID: <3B54A7AA.5C375A3C@cyphers.net>
Date: Tue, 17 Jul 2001 14:01:30 -0700
From: Will Price <wprice@cyphers.net>
Reply-To: wprice@cyphers.net
X-Mailer: Mozilla 4.75 (Macintosh; U; PPC)
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: Derek Atkins <warlord@mit.edu>
CC: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>,
        "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
Subject: Re: [urgent] PGP/MIME IANA considerations: file extensions, Macintosh   
 file type codes.
References: <20010703114448.C32064@sobolev.does-not-exist.org> <tgae23qs68.fsf@mercury.rus.uni-stuttgart.de> <3B549BAF.D334E139@cyphers.net> <sjmpuazcmlc.fsf@rcn.ihtfp.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Actually, we don't care. We just happen to generate them as ASCII.



Derek Atkins wrote:
> 
> Will Price <wprice@cyphers.net> writes:
> 
> > The "pgDS" file type is a Detached Signature. The correct file extension
> > for a detached signature is ".sig". These are ASCII files. They do *not*
> > use the ".asc" extension.
> 
> So you can't have a binary detached signature?  It must be ASCII?
> 
> -derek
> --
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord@MIT.EDU                        PGP key available

-- 

Will Price, Director of Engineering
PGP Security, Inc.
a division of Network Associates, Inc.


From owner-ietf-openpgp@mail.imc.org  Tue Jul 17 18:20:47 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA27387
	for <openpgp-archive@odin.ietf.org>; Tue, 17 Jul 2001 18:20:45 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f6HMC4S15882
	for ietf-openpgp-bks; Tue, 17 Jul 2001 15:12:04 -0700 (PDT)
Received: from smtp1.nikoma.de (smtp1.nikoma.de [212.122.128.19])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6HMC1q15878
	for <ietf-openpgp@imc.org>; Tue, 17 Jul 2001 15:12:02 -0700 (PDT)
Received: from sobolev.does-not-exist.org (dialin104.pg4-nt.dusseldorf.nikoma.de [213.54.99.104])
	by smtp1.nikoma.de (8.9.3/8.9.3) with ESMTP id AAA47516;
	Wed, 18 Jul 2001 00:11:39 +0200 (CEST)
	(envelope-from roessler@does-not-exist.org)
Received: by sobolev.does-not-exist.org (Postfix, from userid 1000)
	id F2BD12ED15; Wed, 18 Jul 2001 00:10:48 +0200 (CEST)
Date: Wed, 18 Jul 2001 00:10:48 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: Will Price <wprice@cyphers.net>, Werner Koch <wk@gnupg.org>
Cc: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>,
        "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
Subject: Re: [urgent] PGP/MIME IANA considerations: file extensions, Macintosh file type codes.
Message-ID: <20010718001048.C22823@sobolev.does-not-exist.org>
Mail-Followup-To: Will Price <wprice@cyphers.net>,
	Werner Koch <wk@gnupg.org>,
	Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>,
	"openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
References: <20010703114448.C32064@sobolev.does-not-exist.org> <tgae23qs68.fsf@mercury.rus.uni-stuttgart.de> <3B549BAF.D334E139@cyphers.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="k+w/mQv8wyuph6w0"
Content-Disposition: inline
In-Reply-To: <3B549BAF.D334E139@cyphers.net>
User-Agent: Mutt/1.3.19i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>



--k+w/mQv8wyuph6w0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

So what change do you suggest?

Should I replace the extension in 9.2 by ".sig", or list ".asc" and
".sig"?  (I also note that PGP 2.6 and PGP 5.0i generate ".asc" for
ASCII-armored detached signatures on my Linux machine; gnupg
generates ".sig".)

And what file type and extension am I supposed to put in there for
ascii-armored public keys? ".asc" and "TEXT"?  ".pkr" and "pgPR"?
None of these seem to make terribly much sense to me.

Or should I just drop extensions and Mac file types?

PLEASE ADVISE ASAP.  THE FINAL DRAFT MUST BE IN THE I-D REPOSITORIES
WITHIN LESS THAN 48 HOURS.

-- 
Thomas Roessler                        http://log.does-not-exist.org/






On 2001-07-17 13:10:23 -0700, Will Price wrote:
>Date: Tue, 17 Jul 2001 13:10:23 -0700
>From: Will Price <wprice@cyphers.net>
>Reply-To: wprice@cyphers.net
>X-Mailer: Mozilla 4.75 (Macintosh; U; PPC)
>To: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>
>Cc: "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
>Subject: Re: [urgent] PGP/MIME IANA considerations: file extensions, Macintosh
> file type codes.
>
>
>The "pgDS" file type is a Detached Signature. The correct file extension
>for a detached signature is ".sig". These are ASCII files. They do *not*
>use the ".asc" extension.
>
>The "pgPR" file type is a Public Keyring file. The correct file extension
>for a Public Keyring file is ".pkr". These are always binary files.
>
>".asc" files sometimes contain keys, and sometimes contain encrypted
>and/or signed data -- always in ASCII format. These files have no special
>Macintosh file type. The file type for these is the standard "TEXT".
>
>The "pgRR" file type is a Secret Keyring file. The correct file extension
>for a Secret Keyring file is ".skr". These are always binary files.
>
>The "pgEF" file type is a PGP encrypted and/or signed file. The correct
>file extension for such a file is ".pgp". These are usually binary files,
>but not always.
>
>
>
>Florian Weimer wrote:
>>
>> Excerpt from the current OpenPGP/MIME draft:
>>
>> | 9.2.  Registration of the application/pgp-signature media type
>>
>> |    Encoding considerations:
>> |
>> |       The content of this media type always consists of 7bit text.
>>
>> |    Additional information:
>> |
>> |       Magic number(s): none
>> |       File extension(s): asc
>> |       Macintosh File Type Code(s): pgDS
>>
>> | 9.3.  Registration of the application/pgp-keys media type
>>
>> |    Encoding considerations:
>> |
>> |       The content of this media type always consists of 7bit text.
>>
>> |    Additional information:
>> |
>> |       Magic number(s): none
>> |       File extension(s): asc
>> |       Macintosh File Type Code(s): pgPR
>>
>> Doesn't Macintosh PGP (and perhaps other programs as well) store
>> binary data in pgDS/pgPR files as well?  That's why I don't think the
>> MIME types and Macintosh file types are equivalent.
>
>
>-- 
>
>Will Price, Director of Engineering
>PGP Security, Inc.
>a division of Network Associates, Inc.
>


--k+w/mQv8wyuph6w0
Content-Type: application/pgp-signature
Content-Disposition: inline


--k+w/mQv8wyuph6w0--
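
The messages above show that neither the extension nor the Macintosh type code settles whether a file is armored or binary, or what it holds. As an added example (not code from any poster or from a PGP product), this Python sketch decides both from the bytes themselves, using the OpenPGP packet header and ASCII armor layouts; the extension table follows Will Price's list, and the sample bytes are constructed placeholders, not real signatures or keys.

```python
import base64
import binascii
import os

ARMOR_BEGIN = b"-----BEGIN PGP "
ARMOR_END = b"-----END PGP "

# OpenPGP packet tags for the file kinds named in the thread.
TAGS = {2: "signature", 5: "secret key", 6: "public key"}

# Conventions stated in the thread (extension -> expected first packet).
# ".asc" promises ASCII armor only, not a particular kind of content.
EXPECTED_BY_EXTENSION = {".sig": "signature", ".pkr": "public key",
                         ".skr": "secret key"}


def first_packet_tag(data):
    """Return the tag of the leading OpenPGP packet, or None if there is none."""
    if not data or not (data[0] & 0x80):    # bit 7 is set on every packet header
        return None
    if data[0] & 0x40:                      # new-format header: tag in bits 5-0
        return data[0] & 0x3F
    return (data[0] >> 2) & 0x0F            # old-format header: tag in bits 5-2


def dearmor(data):
    """Decode the first ASCII-armor block; return None if data holds none.

    The optional "=XXXX" CRC-24 line is skipped, not verified.
    """
    lines = [line.strip() for line in data.splitlines()]
    start = next((i for i, line in enumerate(lines)
                  if line.startswith(ARMOR_BEGIN)), None)
    if start is None or b"" not in lines[start:]:
        return None
    body = []
    for line in lines[lines.index(b"", start) + 1:]:   # after the armor headers
        if line.startswith(b"=") or line.startswith(ARMOR_END):
            break
        body.append(line)
    try:
        return base64.b64decode(b"".join(body), validate=True)
    except binascii.Error:
        return None


def classify(data):
    """Return (encoding, content), decided from the bytes alone."""
    payload = dearmor(data)
    tag = first_packet_tag(data if payload is None else payload)
    if tag is None:
        return ("unknown", None)
    encoding = "binary" if payload is None else "armored"
    return (encoding, TAGS.get(tag, "packet tag %d" % tag))


def name_matches_content(filename, data):
    """True when the extension's convention agrees with what the bytes are."""
    encoding, content = classify(data)
    ext = os.path.splitext(filename)[1].lower()
    if ext == ".asc":
        return encoding == "armored"
    expected = EXPECTED_BY_EXTENSION.get(ext)
    return expected is not None and expected == content


def armor(label, payload):
    """Build a minimal armor block (no CRC line) for the constructed samples."""
    return (ARMOR_BEGIN + label + b"-----\nVersion: constructed-example\n\n"
            + base64.b64encode(payload) + b"\n" + ARMOR_END + label + b"-----\n")


# Constructed samples: packet headers followed by filler bytes.
BINARY_SIG = bytes([0x89, 0x00, 0x04]) + b"\x00" * 4   # old format, tag 2
BINARY_KEY = bytes([0x99, 0x00, 0x04]) + b"\x00" * 4   # old format, tag 6
ARMORED_SIG = armor(b"SIGNATURE", BINARY_SIG)

if __name__ == "__main__":
    for name, blob in [("doc.sig", BINARY_SIG), ("doc.sig", ARMORED_SIG),
                       ("doc.asc", BINARY_SIG), ("ring.pkr", BINARY_KEY)]:
        print(name, classify(blob), name_matches_content(name, blob))
```

A binary and an armored detached signature both classify as a signature, so a handler keyed on content accepts either, while a ".asc" name on binary data is reported as a mismatch.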


From owner-ietf-openpgp@mail.imc.org  Tue Jul 17 21:06:03 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id VAA01998
	for <openpgp-archive@odin.ietf.org>; Tue, 17 Jul 2001 21:06:02 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f6I0sS719095
	for ietf-openpgp-bks; Tue, 17 Jul 2001 17:54:28 -0700 (PDT)
Received: from mail.arcor-ip.de (mail.arcor-ip.de [145.253.2.10] (may be forged))
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6I0sRq19091
	for <ietf-openpgp@imc.org>; Tue, 17 Jul 2001 17:54:27 -0700 (PDT)
Received: from localhost (212.144.236.204) by mail.arcor-ip.de (5.5.034)
        id 3B4F0EFE00080D1D; Tue, 17 Jul 2001 10:35:58 +0200
Received: by localhost (Postfix, from userid 500)
	id D7E6E18; Tue, 17 Jul 2001 10:34:21 +0200 (CEST)
Date: Tue, 17 Jul 2001 10:34:21 +0200
From: Ingo Luetkebohle <ingo@blank.pages.de>
To: Jon Callas <jon@callas.org>
Cc: ietf-openpgp@imc.org
Subject: Re: Attribute certificates
Message-ID: <20010717103421.A1143@blank.pages.de>
References: <20010717002003.A1161@blank.pages.de> <p0510030ab7792489778c@[63.73.97.180]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="9jxsPFA5p3P2qPhR"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <p0510030ab7792489778c@[63.73.97.180]>; from jon@callas.org on Mon, Jul 16, 2001 at 04:10:54PM -0700
Organization: Maybe when I grow up
X-URL: http://blank.pages.de/
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>



--9jxsPFA5p3P2qPhR
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Jul 16, 2001 at 04:10:54PM -0700, Jon Callas wrote:
> Yes. The Standalone Signatures and Notation signature subpackets are
> designed precisely to set up the sort of arbitrary associations that you're
> looking for. But also, notations can be used in other signatures to put in
> information like group membership and so on.

Ah, I had wondered about the notation data but wasn't sure. Thanks for
clarifying that.

Is there any kind of 'official' registration or publishing process for
notation data to enable interoperability?

Regards

-- 
	Ingo Luetkebohle / ingo@blank.pages.de / 95428014
/
| Student of Computational Linguistics & Computer Science;
| Fargonauten.DE sysadmin; Gimp Registry maintainer;
| FP: 3187 4DEC 47E6 1B1E 6F4F  57D4 CD90 C164 34AD CE5B

--9jxsPFA5p3P2qPhR
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE7U/iNzZDBZDStzlsRAUKXAJ0XYd9cpCMMuIcDXiskBnsaLCXVvwCfWKfR
tMGCQxMImxakT07wErNqgl4=
=EOAg
-----END PGP SIGNATURE-----

--9jxsPFA5p3P2qPhR--


From owner-ietf-openpgp@mail.imc.org  Tue Jul 17 23:33:00 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id XAA25809
	for <openpgp-archive@odin.ietf.org>; Tue, 17 Jul 2001 23:32:59 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f6I3P6p22672
	for ietf-openpgp-bks; Tue, 17 Jul 2001 20:25:06 -0700 (PDT)
Received: from hotmail.com (f57.law4.hotmail.com [216.33.149.57])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6I3P6q22668
	for <ietf-openpgp@imc.org>; Tue, 17 Jul 2001 20:25:06 -0700 (PDT)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Tue, 17 Jul 2001 20:25:05 -0700
Received: from 172.148.225.188 by lw4fd.law4.hotmail.msn.com with HTTP;	Wed, 18 Jul 2001 03:25:05 GMT
X-Originating-IP: [172.148.225.188]
From: "Bryan Morris" <bryanmorrisjr@hotmail.com>
To: ietf-openpgp@imc.org
Subject: Need PGP to automatically encrypt files via a script from our web based applicat
Date: Wed, 18 Jul 2001 03:25:05 
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <F57hjz4k7XnQm7DTZRy0000006d@hotmail.com>
X-OriginalArrivalTime: 18 Jul 2001 03:25:05.0349 (UTC) FILETIME=[3CF77F50:01C10F39]
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>



Hello,

We have a web-based software application.

On occasion, we need to transfer confidential data from our client's remote 
site to our development office.

Is there a way we can install PGP (command line or windows version) and 
write a script to automatically encrypt the files with our public key and 
send those files to our tech support staff?  The client would click a button 
from the browser application and the script would run.

If so, can anyone tell me where I can find the technical details to do this?
Also reference or URL is appreciated.

Thanks,

Bryan





From owner-ietf-openpgp@mail.imc.org  Tue Jul 17 23:34:07 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id XAA25959
	for <openpgp-archive@odin.ietf.org>; Tue, 17 Jul 2001 23:34:06 -0400 (EDT)
Received: by above.proper.com (8.11.3/8.11.3) id f6I3Ma822633
	for ietf-openpgp-bks; Tue, 17 Jul 2001 20:22:36 -0700 (PDT)
Received: from hotmail.com (f133.law7.hotmail.com [216.33.237.133])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6I3MZq22629
	for <ietf-openpgp@imc.org>; Tue, 17 Jul 2001 20:22:35 -0700 (PDT)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Tue, 17 Jul 2001 20:22:35 -0700
Received: from 172.148.225.188 by lw7fd.law7.hotmail.msn.com with HTTP;	Wed, 18 Jul 2001 03:22:34 GMT
X-Originating-IP: [172.148.225.188]
From: "Allan Pratt" <allan_pratt@hotmail.com>
To: ietf-openpgp@imc.org
Subject: ietf-openpgp@imc.org
Date: Wed, 18 Jul 2001 03:22:34 
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <F133ZrIkyPzGNsokLQ80000003b@hotmail.com>
X-OriginalArrivalTime: 18 Jul 2001 03:22:35.0229 (UTC) FILETIME=[E37D00D0:01C10F38]
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


ietf-openpgp@imc.org




From owner-ietf-openpgp@mail.imc.org  Tue Jul 17 23:52:23 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id XAA28091
	for <openpgp-archive@odin.ietf.org>; Tue, 17 Jul 2001 23:52:22 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f6I3haq22970
	for ietf-openpgp-bks; Tue, 17 Jul 2001 20:43:36 -0700 (PDT)
Received: from bureau6.utcc.utoronto.ca (bureau6.utcc.utoronto.ca [128.100.132.16])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6I3hYq22966
	for <ietf-openpgp@imc.org>; Tue, 17 Jul 2001 20:43:34 -0700 (PDT)
Received: from HSE-Toronto-ppp261697.sympatico.ca ([64.230.32.128] EHLO [169.254.207.110] ident: IDENT-NOT-QUERIED [port 50559]) by bureau6.utcc.utoronto.ca with ESMTP id <464165-19164>; Tue, 17 Jul 2001 23:43:25 -0400
Mime-Version: 1.0
X-Sender: robert.guerra@mailbox96.utcc.utoronto.ca
Message-Id: <p0510100ab77ab5f48ce0@[169.254.207.110]>
In-Reply-To: <F57hjz4k7XnQm7DTZRy0000006d@hotmail.com>
References: <F57hjz4k7XnQm7DTZRy0000006d@hotmail.com>
Date: Tue, 17 Jul 2001 23:42:55 -0400
To: "Bryan Morris" <bryanmorrisjr@hotmail.com>, ietf-openpgp@imc.org
From: Robert Guerra <rguerra@yahoo.com>
Subject: Re: Need PGP to automatically encrypt files via a script from our
 web based applicat
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


bryan:

last time I checked on google, I spotted a few apache/php scripts 
using gnupg to do just the thing you want.


if you find anything, let me know..as I too am looking for something similar

regards

Robert



At 3:25 AM -0400 2001/7/18, Bryan Morris wrote:
>Hello,
>
>We have a web-based software application.
>
>On occasion, we need to transfer confidential data from our client's 
>remote site to our development office.
>
>Is there a way we can install PGP (command line or windows version) 
>and write a script to automatically encrypt the files with our 
>public key and send those files to our tech support staff?  The 
>client would click a button from the browser application and the 
>script would run.
>
>If so, can anyone tell me where I can find the technical details to do this?
>Also reference or URL is appreciated.
>
>Thanks,
>
>Bryan
>
>


-- 
Progress, far from consisting in change, depends on retentiveness.
Those who cannot remember the past are condemned to repeat it.
"The Life of Reason," 1906, George Santayana (1863-1952)
--
Robert Guerra <rguerra@yahoo.com>
PGP Keys <http://pgp.greatvideo.com/keys/rguerra/>


From owner-ietf-openpgp@mail.imc.org  Wed Jul 18 02:46:23 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id CAA17105
	for <openpgp-archive@odin.ietf.org>; Wed, 18 Jul 2001 02:46:23 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f6I6ZdJ03931
	for ietf-openpgp-bks; Tue, 17 Jul 2001 23:35:39 -0700 (PDT)
Received: from kasiski.gnupg.de (porta.u64.de [194.77.88.106])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6I6Zaq03921
	for <ietf-openpgp@imc.org>; Tue, 17 Jul 2001 23:35:36 -0700 (PDT)
Received: from uucp by kasiski.gnupg.de with local-rmail (Exim 3.22 #1 (Debian))
	id 15MlNM-0000Kq-00; Wed, 18 Jul 2001 09:04:04 +0200
Received: from wk by alberti.gnupg.de with local (Exim 3.22 #1 (Debian))
	id 15Mkek-0002Y0-00; Wed, 18 Jul 2001 08:17:58 +0200
To: ietf-openpgp@imc.org
Subject: Re: Attribute certificates
References: <20010717002003.A1161@blank.pages.de>
	<p0510030ab7792489778c@[63.73.97.180]>
	<20010717103421.A1143@blank.pages.de>
From: Werner Koch <wk@gnupg.org>
Organisation: g10 Code GmbH
X-PGP-KeyID: 621CC013
X-Request-PGP: finger:wk@porta.u64.de
Date: 18 Jul 2001 08:17:57 +0200
In-Reply-To: <20010717103421.A1143@blank.pages.de> (Ingo Luetkebohle's message of "Tue, 17 Jul 2001 10:34:21 +0200")
Message-ID: <87snfu4v6y.fsf@alberti.gnupg.de>
Lines: 12
User-Agent: Gnus/5.090004 (Oort Gnus v0.04) Emacs/20.7
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Tue, 17 Jul 2001 10:34:21 +0200, Ingo Luetkebohle said:

> Is there any kind of 'official' registration or publishing process for
> notation data to enable interoperability?

2440bis has one.  Basically you append "@mydomain" to the name and
make sure that you have control over that domain. 

-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus



From owner-ietf-openpgp@mail.imc.org  Wed Jul 18 02:58:39 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id CAA18492
	for <openpgp-archive@odin.ietf.org>; Wed, 18 Jul 2001 02:58:38 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f6I6nrh06232
	for ietf-openpgp-bks; Tue, 17 Jul 2001 23:49:53 -0700 (PDT)
Received: from merrymeet.com (iMac@merrymeet.com [63.73.97.162])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6I6nqq06224
	for <ietf-openpgp@imc.org>; Tue, 17 Jul 2001 23:49:52 -0700 (PDT)
Received: from [63.73.97.188] (63.73.97.188) by merrymeet.com with ESMTP
 (Eudora Internet Mail Server 3.0.3); Tue, 17 Jul 2001 23:49:47 -0700
Mime-Version: 1.0
X-Sender: jon@63.73.97.162
Message-Id: <p05100307b77ae199b31b@[63.73.97.188]>
In-Reply-To: <87snfu4v6y.fsf@alberti.gnupg.de>
References: <20010717002003.A1161@blank.pages.de>
 <p0510030ab7792489778c@[63.73.97.180]>
 <20010717103421.A1143@blank.pages.de> <87snfu4v6y.fsf@alberti.gnupg.de>
Date: Tue, 17 Jul 2001 23:49:42 -0700
To: Werner Koch <wk@gnupg.org>, ietf-openpgp@imc.org
From: Jon Callas <jon@callas.org>
Subject: Re: Attribute certificates
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


At 8:17 AM +0200 7/18/01, Werner Koch wrote:
>On Tue, 17 Jul 2001 10:34:21 +0200, Ingo Luetkebohle said:
>
>> Is there any kind of 'official' registration or publishing process for
>> notation data to enable interoperability?
>
>2440bis has one.  Basically you append "@mydomain" to the name and
>make sure that you have control over that domain.
>

Another informal alternative would be to use something similar to the Java
naming scheme. If you prefixed your attributes with : de.pages.blank@ingo,
you'd probably never run into trouble.

	Jon


From owner-ietf-openpgp@mail.imc.org  Wed Jul 18 03:39:28 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id DAA23042
	for <openpgp-archive@odin.ietf.org>; Wed, 18 Jul 2001 03:39:27 -0400 (EDT)
Received: by above.proper.com (8.11.3/8.11.3) id f6I7Tbu12001
	for ietf-openpgp-bks; Wed, 18 Jul 2001 00:29:37 -0700 (PDT)
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6I7TZq11997
	for <ietf-openpgp@imc.org>; Wed, 18 Jul 2001 00:29:35 -0700 (PDT)
Received: (from hal@localhost)
	by finney.org (8.9.3/8.9.3) id XAA10164;
	Tue, 17 Jul 2001 23:19:24 -0700
Date: Tue, 17 Jul 2001 23:19:24 -0700
From: hal@finney.org
Message-Id: <200107180619.XAA10164@finney.org>
To: ingo@blank.pages.de, jon@callas.org
Subject: Re: Attribute certificates
Cc: ietf-openpgp@imc.org
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


If you use the notation data for an attribute cert, be sure and
set the critical flag.  That should be a hint to software that it
is not a regular certification signature.  Software is supposed to
ignore sigs that have critical subpackets which it doesn't understand.

Hal
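
Added example, not part of the original message or of any implementation discussed on the list: a small evaluator for the rule described above, in which a signature is ignored when it carries a critical subpacket the software does not understand. The subpacket layout follows RFC 2440 section 5.2.3; the notation name `attribute-cert@example.org`, its value, and all function names are constructed for illustration, and the code assumes a critical notation counts as understood only when its name is recognised.

```python
import struct

NOTATION_DATA = 20       # signature subpacket type: notation data
CRITICAL_BIT = 0x80      # bit 7 of the subpacket type octet
HUMAN_READABLE = 0x80    # first of the four notation flag octets


def encode_length(n):
    """Subpacket length field: 1, 2 or 5 octets depending on size."""
    if n < 192:
        return bytes([n])
    if n < 8384:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)


def build_subpacket(sp_type, body, critical=False):
    data = bytes([sp_type | (CRITICAL_BIT if critical else 0)]) + body
    return encode_length(len(data)) + data


def build_notation(name, value, critical):
    n, v = name.encode("utf-8"), value.encode("utf-8")
    body = (bytes([HUMAN_READABLE, 0, 0, 0])
            + struct.pack(">HH", len(n), len(v)) + n + v)
    return build_subpacket(NOTATION_DATA, body, critical)


def parse_subpackets(area):
    """Split a subpacket area into (type, critical, body) tuples."""
    out, pos = [], 0
    while pos < len(area):
        first = area[pos]
        if first < 192:
            length, pos = first, pos + 1
        elif first < 255:
            if pos + 2 > len(area):
                raise ValueError("truncated two-octet length")
            length = ((first - 192) << 8) + area[pos + 1] + 192
            pos += 2
        else:
            if pos + 5 > len(area):
                raise ValueError("truncated five-octet length")
            length = struct.unpack(">I", area[pos + 1:pos + 5])[0]
            pos += 5
        if length < 1 or pos + length > len(area):
            raise ValueError("subpacket length overruns the area")
        type_octet = area[pos]
        out.append((type_octet & 0x7F, bool(type_octet & CRITICAL_BIT),
                    area[pos + 1:pos + length]))
        pos += length
    return out


def parse_notation(body):
    """Return (name, raw value, human_readable) from a notation body."""
    if len(body) < 8:
        raise ValueError("notation body too short")
    name_len, value_len = struct.unpack(">HH", body[4:8])
    if 8 + name_len + value_len != len(body):
        raise ValueError("notation lengths do not match body")
    name = body[8:8 + name_len].decode("utf-8")
    return name, body[8 + name_len:], bool(body[0] & HUMAN_READABLE)


def namespace(name):
    """User-namespace names carry an '@domain' suffix."""
    return "user" if "@" in name else "ietf"


def evaluate(area, known_types, known_notations):
    """Return ('accept' | 'ignore', reason) for one hashed subpacket area."""
    for sp_type, critical, body in parse_subpackets(area):
        if not critical:
            continue  # unknown non-critical subpackets are simply skipped
        if sp_type not in known_types:
            return "ignore", "critical subpacket type %d not understood" % sp_type
        if sp_type == NOTATION_DATA:
            name = parse_notation(body)[0]
            if name not in known_notations:
                return "ignore", "critical %s-namespace notation %r not understood" % (
                    namespace(name), name)
    return "accept", "no critical subpacket left uninterpreted"


def sample_area(critical):
    """Constructed sample: creation time (type 2) plus one notation."""
    created = build_subpacket(2, struct.pack(">I", 995437164))
    return created + build_notation(
        "attribute-cert@example.org", "role=auditor", critical)


if __name__ == "__main__":
    aware = ({2, NOTATION_DATA}, {"attribute-cert@example.org"})
    unaware = ({2, NOTATION_DATA}, set())
    for label, crit in (("critical", True), ("non-critical", False)):
        print(label, "aware:  ", evaluate(sample_area(crit), *aware))
        print(label, "unaware:", evaluate(sample_area(crit), *unaware))
```

With the critical bit clear, software that does not know the notation accepts the signature as an ordinary certification, which is the outcome the critical flag is meant to prevent.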


From owner-ietf-openpgp@mail.imc.org  Wed Jul 18 08:00:55 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id IAA07421
	for <openpgp-archive@odin.ietf.org>; Wed, 18 Jul 2001 08:00:55 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f6IBmn428462
	for ietf-openpgp-bks; Wed, 18 Jul 2001 04:48:49 -0700 (PDT)
Received: from mail.arcor-ip.de (mail.arcor-ip.de [145.253.2.10] (may be forged))
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6IBmlq28458
	for <ietf-openpgp@imc.org>; Wed, 18 Jul 2001 04:48:47 -0700 (PDT)
Received: from localhost (212.144.245.253) by mail.arcor-ip.de (5.5.034)
        id 3B5565AD0000288C; Wed, 18 Jul 2001 13:48:42 +0200
Received: by localhost (Postfix, from userid 500)
	id 4286B3C; Wed, 18 Jul 2001 13:48:19 +0200 (CEST)
Date: Wed, 18 Jul 2001 13:48:19 +0200
From: Ingo Luetkebohle <ingo@blank.pages.de>
To: Werner Koch <wk@gnupg.org>
Cc: ietf-openpgp@imc.org
Subject: Re: Attribute certificates
Message-ID: <20010718134819.C1213@blank.pages.de>
References: <20010717002003.A1161@blank.pages.de> <p0510030ab7792489778c@[63.73.97.180]> <20010717103421.A1143@blank.pages.de> <87snfu4v6y.fsf@alberti.gnupg.de>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="+g7M9IMkV8truYOl"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <87snfu4v6y.fsf@alberti.gnupg.de>; from wk@gnupg.org on Wed, Jul 18, 2001 at 08:17:57AM +0200
Organization: Maybe when I grow up
X-URL: http://blank.pages.de/
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>



--+g7M9IMkV8truYOl
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Jul 18, 2001 at 08:17:57AM +0200, Werner Koch wrote:
> 2440bis has one.  Basically you append "@mydomain" to the name and
> make sure that you have control over that domain.

Well, I meant a little more with 'interoperability', namely, to enable
others to implement my notations and to implement notations specified
by others. Is there some means to exchange information necessary for
that?

Otherwise, thanks for the tips on how I can prevent stepping on other
software's toes :)

-- 
	Ingo Luetkebohle / ingo@blank.pages.de / 95428014
/
| Student of Computational Linguistics & Computer Science;
| Fargonauten.DE sysadmin; Gimp Registry maintainer;
| FP: 3187 4DEC 47E6 1B1E 6F4F  57D4 CD90 C164 34AD CE5B

--+g7M9IMkV8truYOl
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE7VXeDzZDBZDStzlsRAXMpAKCJoUTqRZagxYczOxO/WVJywsXvsACgrGIN
exhqSfoVfUFuHGbaHisUVBg=
=puPv
-----END PGP SIGNATURE-----

--+g7M9IMkV8truYOl--


From owner-ietf-openpgp@mail.imc.org  Wed Jul 18 13:02:49 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id NAA13001
	for <openpgp-archive@odin.ietf.org>; Wed, 18 Jul 2001 13:02:48 -0400 (EDT)
Received: by above.proper.com (8.11.3/8.11.3) id f6IGrwP07611
	for ietf-openpgp-bks; Wed, 18 Jul 2001 09:53:58 -0700 (PDT)
Received: from mercury.rus.uni-stuttgart.de (mercury.rus.uni-stuttgart.de [129.69.1.226])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6IGrvq07607
	for <ietf-openpgp@imc.org>; Wed, 18 Jul 2001 09:53:57 -0700 (PDT)
Received: from rusfw by mercury.rus.uni-stuttgart.de with local (Exim 3.22 #1)
	id 15MuYK-0005uW-00; Wed, 18 Jul 2001 18:52:00 +0200
To: Will Price <wprice@cyphers.net>
Cc: Werner Koch <wk@gnupg.org>,
        "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
Subject: Re: [urgent] PGP/MIME IANA considerations: file extensions, Macintosh file type codes.
References: <20010703114448.C32064@sobolev.does-not-exist.org>
	<tgae23qs68.fsf@mercury.rus.uni-stuttgart.de>
	<3B549BAF.D334E139@cyphers.net>
	<20010718001048.C22823@sobolev.does-not-exist.org>
From: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>
Date: 18 Jul 2001 18:52:00 +0200
In-Reply-To: <20010718001048.C22823@sobolev.does-not-exist.org> (Thomas Roessler's message of "Wed, 18 Jul 2001 00:10:48 +0200")
Message-ID: <tg1ynenpsf.fsf@mercury.rus.uni-stuttgart.de>
Lines: 24
User-Agent: Gnus/5.090001 (Oort Gnus v0.01) Emacs/20.7
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Thomas Roessler <roessler@does-not-exist.org> writes:

> So what change do you suggest?  Should I replace the extension in 9.2
> by ".sig", or list ".asc" and ".sig"?  (I also note that PGP 2.6 and
> PGP 5.0i generate ".asc" for ASCII-armored detached signatures on my
> Linux machine; gnupg generates ".sig".)
> 
> And what file type and extension am I supposed to put in there for
> ascii-armored public keys? ".asc" and "TEXT"?  ".pkr" and "pgPR"? None
> of these seem to make terribly much sense to me.
> 
> Or should I just drop extensions and Mac file types?

I would do so for the detached signature.  I don't think there is
enough time to check all the interoperability issues.

For the public key ring file, I would rather drop the requirement that
the content is 7bit ASCII-armored and mention that the extensions
.pkr, .pgp, .pkr and .asc are common.

-- 
Florian Weimer 	                  Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898


From owner-ietf-openpgp@mail.imc.org  Wed Jul 18 15:47:09 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id PAA15990
	for <openpgp-archive@odin.ietf.org>; Wed, 18 Jul 2001 15:47:09 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f6IJZAa12808
	for ietf-openpgp-bks; Wed, 18 Jul 2001 12:35:10 -0700 (PDT)
Received: from smtp2.nikoma.de (smtp2.nikoma.de [212.122.128.25])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6IJZ8q12804
	for <ietf-openpgp@imc.org>; Wed, 18 Jul 2001 12:35:08 -0700 (PDT)
Received: from sobolev.does-not-exist.org (dialin24.pg5-nt.dusseldorf.nikoma.de [213.54.100.24])
	by smtp2.nikoma.de (8.9.3/8.9.3) with ESMTP id VAA83570;
	Wed, 18 Jul 2001 21:34:48 +0200 (CEST)
	(envelope-from roessler@does-not-exist.org)
Received: by sobolev.does-not-exist.org (Postfix, from userid 1000)
	id 4F0282ED15; Wed, 18 Jul 2001 21:33:53 +0200 (CEST)
Date: Wed, 18 Jul 2001 21:33:53 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>
Cc: Will Price <wprice@cyphers.net>, Werner Koch <wk@gnupg.org>,
        "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
Subject: Re: [urgent] PGP/MIME IANA considerations: file extensions, Macintosh file type codes.
Message-ID: <20010718213353.A1275@sobolev.does-not-exist.org>
Mail-Followup-To: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>,
	Will Price <wprice@cyphers.net>, Werner Koch <wk@gnupg.org>,
	"openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
References: <20010703114448.C32064@sobolev.does-not-exist.org> <tgae23qs68.fsf@mercury.rus.uni-stuttgart.de> <3B549BAF.D334E139@cyphers.net> <20010718001048.C22823@sobolev.does-not-exist.org> <tg1ynenpsf.fsf@mercury.rus.uni-stuttgart.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
In-Reply-To: <tg1ynenpsf.fsf@mercury.rus.uni-stuttgart.de>
User-Agent: Mutt/1.3.19i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On 2001-07-18 18:52:00 +0200, Florian Weimer wrote:

>>Or should I just drop extensions and Mac file types?

>I would do so for the detached signature.  I don't think there is
>enough time to check all the interoperability issues.

>For the public key ring file, I would rather drop the requirement that
>the content is 7bit ASCII-armored and mention that the extensions
>.pkr, .pgp, .pkr and .asc are common.

Well, changing content-transfer-encoding requirements after WG last 
call (and in a way which breaks old software's expectations) doesn't 
look like the best idea since the invention of sliced bread to me.

But anyway, if NAI isn't interested in finding a reasonable solution 
for this stuff, I'll just leave it out.

-- 
Thomas Roessler                        http://log.does-not-exist.org/




From owner-ietf-openpgp@mail.imc.org  Thu Jul 19 05:44:48 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id FAA10665
	for <openpgp-archive@odin.ietf.org>; Thu, 19 Jul 2001 05:44:48 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f6J9UWl02126
	for ietf-openpgp-bks; Thu, 19 Jul 2001 02:30:32 -0700 (PDT)
Received: from smtp1.nikoma.de (smtp1.nikoma.de [212.122.128.19])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6J9UUq02114
	for <ietf-openpgp@imc.org>; Thu, 19 Jul 2001 02:30:30 -0700 (PDT)
Received: from sobolev.does-not-exist.org (dialin192.pg2-nt.dusseldorf.nikoma.de [213.54.97.192])
	by smtp1.nikoma.de (8.9.3/8.9.3) with ESMTP id LAA57369;
	Thu, 19 Jul 2001 11:30:02 +0200 (CEST)
	(envelope-from roessler@does-not-exist.org)
Received: by sobolev.does-not-exist.org (Postfix, from userid 1000)
	id 48E682ED15; Thu, 19 Jul 2001 11:29:12 +0200 (CEST)
Date: Thu, 19 Jul 2001 11:29:12 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>,
        John W Noerenberg II <jwn2@qualcomm.com>
Subject: [today] New draft for IANA considerations change
Message-ID: <20010719112912.A8031@sobolev.does-not-exist.org>
Mail-Followup-To: "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>,
	John W Noerenberg II <jwn2@qualcomm.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="fUYQa+Pmc3FrFX/N"
Content-Disposition: inline
User-Agent: Mutt/1.3.19i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>



--fUYQa+Pmc3FrFX/N
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

I'll submit a version with the following IANA considerations section
at 1900 GMT, today.  Please raise any objections NOW.

Changes:

- asc and sig are given as extensions for application/pgp-signature
- no Macintosh file type is given for application/pgp-keys

This version is based on a conversation with Werner Koch.  I have
received no further feed-back from NAI.


>9.  IANA Considerations
>
>   This document defines three media types: "application/pgp-encrypted",
>   "application/pgp-signature" and "application/pgp-keys". The following
>   sections specify the IANA registrations for these types.
>
>9.1.  Registration of the application/pgp-encrypted media type
>
>   MIME media type name: application
>   MIME subtype name: pgp-encrypted
>   Required parameters: none
>   Optional parameters: none
>
>   Encoding considerations:
>
>      Currently this media type always consists of a single 7bit text
>      string.
>
>   Security considerations:
>
>      See Section 8 and RFC 2440 Section 13.
>
>   Interoperability considerations: none
>
>   Published specification:
>
>      This document.
>
>   Additional information:
>
>      Magic number(s): none
>      File extension(s): none
>      Macintosh File Type Code(s): none
>
>   Person & email address to contact for further information:
>
>      Michael Elkins
>      Email: me@cs.hmc.edu
>
>   Intended usage: common
>
>   Author/Change controller:
>
>      Michael Elkins
>      Email: me@cs.hmc.edu
>
>
>9.2.  Registration of the application/pgp-signature media type
>
>   MIME media type name: application
>   MIME subtype name: pgp-signature
>   Required parameters: none
>   Optional parameters: none
>
>   Encoding considerations:
>
>      The content of this media type always consists of 7bit text.
>
>   Security considerations:
>
>      See Section 8 and RFC 2440 Section 13.
>
>   Interoperability considerations: none
>
>   Published specification:
>
>      RFC 2440 and this document.
>
>   Additional information:
>
>      Magic number(s): none
>      File extension(s): asc, sig
>      Macintosh File Type Code(s): pgDS
>
>   Person & email address to contact for further information:
>
>      Michael Elkins
>      Email: me@cs.hmc.edu
>
>   Intended usage: common
>
>   Author/Change controller:
>
>      Michael Elkins
>      Email: me@cs.hmc.edu
>
>
>9.3.  Registration of the application/pgp-keys media type
>
>   MIME media type name: application
>   MIME subtype name: pgp-keys
>   Required parameters: none
>   Optional parameters: none
>
>   Encoding considerations:
>
>      The content of this media type always consists of 7bit text.
>
>   Security considerations:
>
>      See Section 8 and RFC 2440 Section 13.
>
>   Interoperability considerations: none
>
>   Published specification:
>
>      RFC 2440 and this document.
>
>   Additional information:
>
>      Magic number(s): none
>      File extension(s): asc
>      Macintosh File Type Code(s): none
>
>   Person & email address to contact for further information:
>
>      Michael Elkins
>      Email: me@cs.hmc.edu
>
>   Intended usage: common
>
>   Author/Change controller:
>
>      Michael Elkins
>      Email: me@cs.hmc.edu
>

-- 
Thomas Roessler                        http://log.does-not-exist.org/



--fUYQa+Pmc3FrFX/N
Content-Type: application/pgp-signature
Content-Disposition: inline


--fUYQa+Pmc3FrFX/N--


From owner-ietf-openpgp@mail.imc.org  Thu Jul 19 16:56:34 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id QAA12343
	for <openpgp-archive@odin.ietf.org>; Thu, 19 Jul 2001 16:56:32 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f6JKZNV05448
	for ietf-openpgp-bks; Thu, 19 Jul 2001 13:35:23 -0700 (PDT)
Received: from mage.qualcomm.com (mage.qualcomm.com [129.46.65.64])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6JKZMq05444
	for <ietf-openpgp@imc.org>; Thu, 19 Jul 2001 13:35:22 -0700 (PDT)
Received: from [129.46.77.172] (dhcp256.qualcomm.com [129.46.77.172])
	by mage.qualcomm.com (8.11.3/8.11.3/1.0) with ESMTP id f6JKZ3K28567;
	Thu, 19 Jul 2001 13:35:03 -0700 (PDT)
Mime-Version: 1.0
X-Sender: jwn2@mage.qualcomm.com
Message-Id: <p05100104b77cf403671a@[129.46.77.172]>
In-Reply-To: <20010719112912.A8031@sobolev.does-not-exist.org>
References: <20010719112912.A8031@sobolev.does-not-exist.org>
X-Mailer: eudora51-ffc10713011434
X-PGP-RSA-Fingerprint: EA53 01A6 C076 F9C2  09E8 9480 645A 8857
X-PGP-DH-Fingerprint: 4F5E 56C9 BD4D 0227 331F 6AEE 9590 24F9 6FD7 04F8
Date: Thu, 19 Jul 2001 13:35:09 -0700
To: Thomas Roessler <roessler@does-not-exist.org>
From: John  W Noerenberg II <jwn2@qualcomm.com>
Subject: Re: [today] New draft for IANA considerations change
Cc: "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 11:29 AM +0200 7/19/01, Thomas Roessler wrote:
>I'll submit a version with the following IANA considerations section 
>at 1900 GMT, today.  Please raise any objections NOW.
>
>Changes:
>
>- asc and sig are given as extensions for application/pgp-signature
>- no Macintosh file type is given for application/pgp-keys
>
>This version is based on a conversation with Werner Koch.  I have 
>received no further feed-back from NAI.

We'll let the Mac stuff go.  The files are self-describing.  Mac 
implementers are just going to have to figure it out from the content 
of the files.  The file types are parameters on the MIME labels.
But the file types are a local issue, not something for over the 
wire, anyway....

I compared -07 and -08.  Changes are fine.
- -- 

john noerenberg
jwn2@qualcomm.com
   --------------------------------------------------------------------------
   Peace of mind isn't at all superficial, really.  It's the whole thing.
   That which produces it is good maintenance; that which disturbs it
   is poor maintenance.
   -- Zen and the Art of Motorcycle Maintenance, Robert M. Pirsig, 1974
   --------------------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBO1dEhJWQJPlv1wT4EQIruACgtK7jfucggUM6Mf+R9Lf52x9ZRhEAn3q8
5wb1GLT9HAwTNe24thDAcxIu
=19h0
-----END PGP SIGNATURE-----


From owner-ietf-openpgp@mail.imc.org  Thu Jul 19 18:04:40 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA26509
	for <openpgp-archive@odin.ietf.org>; Thu, 19 Jul 2001 18:04:38 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f6JLgb207753
	for ietf-openpgp-bks; Thu, 19 Jul 2001 14:42:37 -0700 (PDT)
Received: from ietf.org (odin.ietf.org [132.151.1.176])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6JLfnq07729
	for <ietf-openpgp@imc.org>; Thu, 19 Jul 2001 14:41:49 -0700 (PDT)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA11787;
	Thu, 19 Jul 2001 16:52:04 -0400 (EDT)
Message-Id: <200107192052.QAA11787@ietf.org>
To: IETF-Announce: ;
Cc: RFC Editor <rfc-editor@isi.edu>
Cc: Internet Architecture Board <iab@isi.edu>
Cc: ietf-openpgp@imc.org
From: The IESG <iesg-secretary@ietf.org>
Subject: Protocol Action: MIME Security with OpenPGP to Proposed
	 Standard
Date: Thu, 19 Jul 2001 16:52:04 -0400
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>




The IESG has approved the Internet-Draft 'MIME Security with OpenPGP'
<draft-ietf-openpgp-mime-07.txt> as a Proposed Standard.  This document
is the product of the An Open Specification for Pretty Good Privacy
Working Group.  The IESG contact persons are Jeffrey Schiller and
Marcus Leech.

 
Technical Summary
 
This document defines a MIME encapsulation for the OpenPGP Message
Format. It is an update of RFC2015 taking into account lessons learned
during the deployment of RFC2015 based systems. Security protocols
provide a unique challenge for MIME based systems. Specifically it
must be ensured that the binary representation of a message is not
altered by a MIME aware gateway. Modification, if present, will always
break any provided digital signatures. Yet the obvious mechanism to
ensure this in MIME is to encode the message in such a fashion that it
is not human readable. This document defines how to best protect a
message from unwanted modification while at the same time managing to
keep the actual message format human readable.

Working Group Summary

The working group came to consensus on this document.

Protocol Quality

Jeffrey I. Schiller reviewed this protocol for the IETF.


From owner-ietf-openpgp@mail.imc.org  Mon Jul 23 07:05:01 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id HAA10361
	for <openpgp-archive@odin.ietf.org>; Mon, 23 Jul 2001 07:05:00 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f6NAdZU16286
	for ietf-openpgp-bks; Mon, 23 Jul 2001 03:39:35 -0700 (PDT)
Received: from ietf.org (odin.ietf.org [132.151.1.176])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6NAdUq16282
	for <ietf-openpgp@imc.org>; Mon, 23 Jul 2001 03:39:30 -0700 (PDT)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA08997;
	Mon, 23 Jul 2001 06:37:58 -0400 (EDT)
Message-Id: <200107231037.GAA08997@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-openpgp@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-openpgp-mime-08.txt
Date: Mon, 23 Jul 2001 06:37:58 -0400
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the An Open Specification for Pretty Good Privacy Working Group of the IETF.

	Title		: MIME Security with OpenPGP
	Author(s)	: M. Elkins, D. Del Torto, R. Levien, T. Roessler
	Filename	: draft-ietf-openpgp-mime-08.txt
	Pages		: 15
	Date		: 20-Jul-01
	
This document describes how the OpenPGP Message Format [1] can be
used to provide privacy and authentication using the Multipurpose
Internet Mail Extensions (MIME) security content types described in
RFC1847 [2].
This draft is being discussed on the 'ietf-openpgp' mailing list.  To
join the list, send a message to <ietf-openpgp-request@imc.org> with
the single word 'subscribe' in the subject.  An archive of the
working group's list is located at <http://www.imc.org/ietf-openpgp>.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-openpgp-mime-08.txt

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-openpgp-mime-08.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html 
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt


Internet-Drafts can also be obtained by e-mail.

Send a message to:
	mailserv@ietf.org.
In the body type:
	"FILE /internet-drafts/draft-ietf-openpgp-mime-08.txt".
	
NOTE:	The mail server at ietf.org can return the document in
	MIME-encoded form by using the "mpack" utility.  To use this
	feature, insert the command "ENCODING mime" before the "FILE"
	command.  To decode the response(s), you will need "munpack" or
	a MIME-compliant mail reader.  Different MIME-compliant mail readers
	exhibit different behavior, especially when dealing with
	"multipart" MIME messages (i.e. documents which have been split
	up into multiple messages), so check your local documentation on
	how to manipulate these messages.
		
		
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.

--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"

--OtherAccess
Content-Type: Message/External-body;
	access-type="mail-server";
	server="mailserv@ietf.org"

Content-Type: text/plain
Content-ID:	<20010720082610.I-D@ietf.org>

ENCODING mime
FILE /internet-drafts/draft-ietf-openpgp-mime-08.txt

--OtherAccess
Content-Type: Message/External-body;
	name="draft-ietf-openpgp-mime-08.txt";
	site="ftp.ietf.org";
	access-type="anon-ftp";
	directory="internet-drafts"

Content-Type: text/plain
Content-ID:	<20010720082610.I-D@ietf.org>

--OtherAccess--

--NextPart--




From owner-ietf-openpgp@mail.imc.org  Mon Jul 23 23:42:10 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id XAA10874
	for <openpgp-archive@odin.ietf.org>; Mon, 23 Jul 2001 23:42:10 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f6O3R3u14042
	for ietf-openpgp-bks; Mon, 23 Jul 2001 20:27:03 -0700 (PDT)
Received: from claude.kendall.akamai.com (walrus.ne.mediaone.net [65.96.217.45])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6O3R1G14038
	for <ietf-openpgp@imc.org>; Mon, 23 Jul 2001 20:27:01 -0700 (PDT)
Received: (from dshaw@localhost)
	by claude.kendall.akamai.com (8.9.3/8.9.3) id XAA01895
	for ietf-openpgp@imc.org; Mon, 23 Jul 2001 23:26:57 -0400
Date: Mon, 23 Jul 2001 23:26:57 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Question about Notation Data and URLs
Message-ID: <20010723232657.C640@akamai.com>
Mail-Followup-To: ietf-openpgp@imc.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
X-PGP-Key: 2048R/3CB3B415/4D 96 83 18 2B AF BE 45 D0 07 C4 07 51 37 B3 18
X-URL: http://www.jabberwocky.com/
X-Phase-Of-Moon: The Moon is Waxing Crescent (15% of Full)
X-Pointless-Random-Number: 203
X-Silly-Header: It sure is.
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Given the improvement to the Notation Data packet in
draft-ietf-openpgp-rfc2440bis-02, I am curious as to the future use of
the Policy URL and Preferred keyserver packets.

Instead of having additional packet types, wouldn't it be simpler to
have a notation with the name being "POLICYURL" or the like, and the
value being the URL?

I'm aware that Policy URL and Preferred keyserver already existed in
rfc2440, and that some code already uses them which is probably enough
of a reason not to get rid of them right there :) It would be nice
though code-wise to be able to put all attributes like that in a
single type of packet.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From owner-ietf-openpgp@mail.imc.org  Wed Jul 25 18:50:07 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA18362
	for <openpgp-archive@odin.ietf.org>; Wed, 25 Jul 2001 18:50:04 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f6PMYln02451
	for ietf-openpgp-bks; Wed, 25 Jul 2001 15:34:47 -0700 (PDT)
Received: from claude.kendall.akamai.com (wirefire.akamai.com [64.14.77.8])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6PMYjs02447
	for <ietf-openpgp@imc.org>; Wed, 25 Jul 2001 15:34:46 -0700 (PDT)
Received: (from dshaw@localhost)
	by claude.kendall.akamai.com (8.9.3/8.9.3) id SAA02968
	for ietf-openpgp@imc.org; Wed, 25 Jul 2001 18:34:46 -0400
Date: Wed, 25 Jul 2001 18:34:46 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Notation data suggestion for rfc2440bis-02
Message-ID: <20010725183446.F1396@akamai.com>
Mail-Followup-To: ietf-openpgp@imc.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
X-PGP-Key: 2048R/3CB3B415/4D 96 83 18 2B AF BE 45 D0 07 C4 07 51 37 B3 18
X-URL: http://www.jabberwocky.com/
X-Phase-Of-Moon: The Moon is Waxing Crescent (33% of Full)
X-Pointless-Random-Number: 0
X-Silly-Header: It sure is.
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


I have a suggestion for rfc2440bis, section 5.2.3.16 (Notation Data).

The design to divide the notation "name" namespace into IETF and
user-controlled spaces is very good as it allows for people to add
their own notations that may or may not be applicable to the world at
large, but are still usable for anyone who is interested.

Since the user space naming scheme is, in effect, an email address
(being a name @ a DNS domain), I'd like to suggest adding something
like this:

   Since the user name space is in the form of an email address,
   implementors MAY wish to arrange for that address to reach a person
   who can be consulted about the use of the named tag.  Note that due
   to UTF-8 encoding, not all valid user space name tags are valid
   email addresses.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From owner-ietf-openpgp@mail.imc.org  Sun Jul 29 04:06:41 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id EAA10747
	for <openpgp-archive@odin.ietf.org>; Sun, 29 Jul 2001 04:06:40 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f6T7nLb18274
	for ietf-openpgp-bks; Sun, 29 Jul 2001 00:49:21 -0700 (PDT)
Received: from tango.SoftHome.net (tango.SoftHome.net [204.144.231.49])
	by above.proper.com (8.11.3/8.11.3) with SMTP id f6T7nKs18270
	for <ietf-openpgp@imc.org>; Sun, 29 Jul 2001 00:49:20 -0700 (PDT)
Received: (qmail 6627 invoked by uid 417); 29 Jul 2001 07:56:43 -0000
Received: from 209-6-130-224.s224.tnt5.mnh.nh.dialup.rcn.com (HELO softhome.net) (209.6.130.224)
  by i-softhome-tango with SMTP; 29 Jul 2001 07:56:43 -0000
Message-ID: <3B63BFC7.35DE6CED@softhome.net>
Date: Sun, 29 Jul 2001 03:48:24 -0400
From: John Kane <jkane89@softhome.net>
X-Mailer: Mozilla 4.61 [en] (Win95; U)
X-Accept-Language: en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
Subject: 8bit text in Comment line (i18n)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Some of the KDE people (Mark Mutz, Ingo Kloecker) noted:
http://lists.gnupg.org/pipermail/gnupg-users/2001-July/009397.html

that ascii-armor comment lines may contain non-7-bit text.
It is not clear whether this is a "SHOULD warn" situation.

I see no clause defining the charset of text in Armor Headers.
Should an armored block be constrained to use only 7-bit
mail-safe characters, or should it be stated that Armor
Headers may be in UTF-8, or native charset, or what?

Either user-defined text in Armor Headers MAY contain
non-7-bit characters, or SHOULD NOT, or MUST NOT.

If non-7-bit text is allowed, there ought to be a note in
2440/6.2 which warns that the use of an 8-bit charset
will make the 'armored' output non-mail-safe.


From owner-ietf-openpgp@mail.imc.org  Sun Jul 29 04:54:23 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id EAA13287
	for <openpgp-archive@odin.ietf.org>; Sun, 29 Jul 2001 04:54:23 -0400 (EDT)
Received: by above.proper.com (8.11.3/8.11.3) id f6T8f3l22410
	for ietf-openpgp-bks; Sun, 29 Jul 2001 01:41:03 -0700 (PDT)
Received: from mercury.rus.uni-stuttgart.de (mercury.rus.uni-stuttgart.de [129.69.1.226])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6T8f2s22401
	for <ietf-openpgp@imc.org>; Sun, 29 Jul 2001 01:41:02 -0700 (PDT)
Received: from rusfw by mercury.rus.uni-stuttgart.de with local (Exim 3.22 #1)
	id 15Qm80-0005r0-00
	for ietf-openpgp@imc.org; Sun, 29 Jul 2001 10:40:48 +0200
To: ietf-openpgp@imc.org
Subject: Re: 8bit text in Comment line (i18n)
References: <3B63BFC7.35DE6CED@softhome.net>
From: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>
Date: 29 Jul 2001 10:40:48 +0200
In-Reply-To: <3B63BFC7.35DE6CED@softhome.net> (John Kane's message of "Sun, 29 Jul 2001 03:48:24 -0400")
Message-ID: <tg7kwsxh4f.fsf@mercury.rus.uni-stuttgart.de>
Lines: 11
User-Agent: Gnus/5.090001 (Oort Gnus v0.01) Emacs/20.7
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


John Kane <jkane89@softhome.net> writes:

> I see no clause defining the charset of text in Armor Headers.

All text in RFC 2440 messages is encoded in UTF-8, unless otherwise
stated.

-- 
Florian Weimer 	                  Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898


From owner-ietf-openpgp@mail.imc.org  Sun Jul 29 05:56:52 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id FAA14670
	for <openpgp-archive@odin.ietf.org>; Sun, 29 Jul 2001 05:56:52 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f6T9nLM26972
	for ietf-openpgp-bks; Sun, 29 Jul 2001 02:49:21 -0700 (PDT)
Received: from smtp2.nikoma.de (smtp2.nikoma.de [212.122.128.25])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6T9nIs26960
	for <ietf-openpgp@imc.org>; Sun, 29 Jul 2001 02:49:19 -0700 (PDT)
Received: from sobolev.does-not-exist.org (dialin13.pg2-nt.dusseldorf.nikoma.de [213.54.97.13])
	by smtp2.nikoma.de (8.9.3/8.9.3) with ESMTP id LAA93111;
	Sun, 29 Jul 2001 11:48:56 +0200 (CEST)
	(envelope-from roessler@does-not-exist.org)
Received: by sobolev.does-not-exist.org (Postfix, from userid 1000)
	id 8EC9C2ED19; Sun, 29 Jul 2001 11:33:41 +0200 (CEST)
Date: Sun, 29 Jul 2001 11:33:41 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: John Kane <jkane89@softhome.net>
Cc: ietf-openpgp@imc.org
Subject: Re: 8bit text in Comment line (i18n)
Message-ID: <20010729113341.C29295@sobolev.does-not-exist.org>
Mail-Followup-To: John Kane <jkane89@softhome.net>, ietf-openpgp@imc.org
References: <3B63BFC7.35DE6CED@softhome.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
In-Reply-To: <3B63BFC7.35DE6CED@softhome.net>
User-Agent: Mutt/1.3.20i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On 2001-07-29 03:48:24 -0400, John Kane wrote:

>I see no clause defining the charset of text in Armor Headers. 
>Should an armored block be constrained to use only 7-bit mail-safe 
>characters, or should it be stated that Armor Headers may be in 
>UTF-8, or native charset, or what?

There's a reason why it's called ASCII armor, and not UTF-8 armor, 
and at least PGP/MIME relies on ASCII armor being actually 
restricted to 7bit characters.

I don't think that vanity armor headers in arbitrary character sets 
are even remotely worth the hassles and effort which they generate.

-- 
Thomas Roessler                        http://log.does-not-exist.org/


From owner-ietf-openpgp@mail.imc.org  Sun Jul 29 19:02:59 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id TAA06381
	for <openpgp-archive@odin.ietf.org>; Sun, 29 Jul 2001 19:02:58 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f6TMlfe16373
	for ietf-openpgp-bks; Sun, 29 Jul 2001 15:47:41 -0700 (PDT)
Received: from tango.SoftHome.net (tango.SoftHome.net [204.144.231.49])
	by above.proper.com (8.11.3/8.11.3) with SMTP id f6TMles16369
	for <ietf-openpgp@imc.org>; Sun, 29 Jul 2001 15:47:40 -0700 (PDT)
Received: (qmail 17763 invoked by uid 417); 29 Jul 2001 22:55:00 -0000
Received: from 209-6-138-194.s194.tnt2.mnh.nh.dialup.rcn.com (HELO softhome.net) (209.6.138.194)
  by i-softhome-tango with SMTP; 29 Jul 2001 22:55:00 -0000
Message-ID: <3B649243.2F3B63F2@softhome.net>
Date: Sun, 29 Jul 2001 18:46:27 -0400
From: John Kane <jkane89@softhome.net>
X-Mailer: Mozilla 4.61 [en] (Win95; U)
X-Accept-Language: en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
Subject: Re: 8bit text in Comment line (i18n)
References: <3B63BFC7.35DE6CED@softhome.net> <20010729113341.C29295@sobolev.does-not-exist.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


  > arbitrary character sets [aren't] even remotely worth the hassles

Amen.  But in rfc2440bis-02, this is the complete definition:

     Concatenating the following data creates ASCII Armor
and:
     - "Comment", a user-defined comment.

There is nothing in the spec which requires an implementation to
drop non-ascii characters.  Currently, an implementation which
emits 0x80-0xFF octets in an Armor Header is rfc2440-compliant.
I don't like this, but that's the way it reads.

Certain implementations are already emitting native 8-bit text
in comments.  (...presumably by accident...)

If you want to ensure that ASCII Armor blocks contain only
the basic 95 printable characters, you'll need to put something
in section 6.2 which says that the 'data' which is concatenated
to form ASCII Armor must itself be pure 0x20-0x7E ASCII.
Currently this is not part of the spec.

Even something as simple as:
     "Comment", a user-defined 7-bit ASCII comment.
might be sufficient.



From owner-ietf-openpgp@mail.imc.org  Mon Jul 30 06:15:14 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id GAA13675
	for <openpgp-archive@odin.ietf.org>; Mon, 30 Jul 2001 06:15:13 -0400 (EDT)
Received: by above.proper.com (8.11.3/8.11.3) id f6U9ofp21039
	for ietf-openpgp-bks; Mon, 30 Jul 2001 02:50:41 -0700 (PDT)
Received: from smtp1.nikoma.de (smtp1.nikoma.de [212.122.128.19])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6U9ods21030
	for <ietf-openpgp@imc.org>; Mon, 30 Jul 2001 02:50:39 -0700 (PDT)
Received: from sobolev.does-not-exist.org (dialin190.pg4-nt.dusseldorf.nikoma.de [213.54.99.190])
	by smtp1.nikoma.de (8.9.3/8.9.3) with ESMTP id LAA64661;
	Mon, 30 Jul 2001 11:49:53 +0200 (CEST)
	(envelope-from roessler@does-not-exist.org)
Received: by sobolev.does-not-exist.org (Postfix, from userid 1000)
	id 126A92ED15; Mon, 30 Jul 2001 11:23:57 +0200 (CEST)
Date: Mon, 30 Jul 2001 11:23:57 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: John Kane <jkane89@softhome.net>, Jon Callas <jon@callas.org>
Cc: ietf-openpgp@imc.org
Subject: Forbidding 8bit text in Armor comments
Message-ID: <20010730112356.F9495@sobolev.does-not-exist.org>
Mail-Followup-To: John Kane <jkane89@softhome.net>,
	Jon Callas <jon@callas.org>, ietf-openpgp@imc.org
References: <3B63BFC7.35DE6CED@softhome.net> <20010729113341.C29295@sobolev.does-not-exist.org> <3B649243.2F3B63F2@softhome.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
In-Reply-To: <3B649243.2F3B63F2@softhome.net>
User-Agent: Mutt/1.3.20i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On 2001-07-29 18:46:27 -0400, John Kane wrote:

>If you want to ensure that ASCII Armor blocks contain only the 
>basic 95 printable characters, you'll need to put something in 
>section 6.2 which says that the 'data' which is concatenated to 
>form ASCII Armor must itself be pure 0x20-0x7E ASCII. Currently 
>this is not part of the spec.

Precisely.  Jon?

-- 
Thomas Roessler                        http://log.does-not-exist.org/


From owner-ietf-openpgp@mail.imc.org  Mon Jul 30 20:50:23 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id UAA04743
	for <openpgp-archive@odin.ietf.org>; Mon, 30 Jul 2001 20:50:22 -0400 (EDT)
Received: by above.proper.com (8.11.3/8.11.3) id f6V0dFN16327
	for ietf-openpgp-bks; Mon, 30 Jul 2001 17:39:15 -0700 (PDT)
Received: from merrymeet.com (merrymeet.com [63.73.97.162])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6V0dDs16323
	for <ietf-openpgp@imc.org>; Mon, 30 Jul 2001 17:39:13 -0700 (PDT)
Received: from [63.73.97.189] (64.69.113.115) by merrymeet.com with ESMTP
 (Eudora Internet Mail Server 3.0.3); Mon, 30 Jul 2001 17:39:05 -0700
Mime-Version: 1.0
X-Sender: jon@63.73.97.162
Message-Id: <p0510030eb78baa852bef@[63.73.97.189]>
In-Reply-To: <20010730112356.F9495@sobolev.does-not-exist.org>
References: <3B63BFC7.35DE6CED@softhome.net>
 <20010729113341.C29295@sobolev.does-not-exist.org>
 <3B649243.2F3B63F2@softhome.net>
 <20010730112356.F9495@sobolev.does-not-exist.org>
Date: Mon, 30 Jul 2001 17:38:48 -0700
To: Thomas Roessler <roessler@does-not-exist.org>,
        John Kane <jkane89@softhome.net>
From: Jon Callas <jon@callas.org>
Subject: Re: Forbidding 8bit text in Armor comments
Cc: ietf-openpgp@imc.org
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


At 11:23 AM +0200 7/30/01, Thomas Roessler wrote:
>On 2001-07-29 18:46:27 -0400, John Kane wrote:
>
>>If you want to ensure that ASCII Armor blocks contain only the
>>basic 95 printable characters, you'll need to put something in
>>section 6.2 which says that the 'data' which is concatenated to
>>form ASCII Armor must itself be pure 0x20-0x7E ASCII. Currently
>>this is not part of the spec.
>
>Precisely.  Jon?

Forgive me for being dense, but I don't completely understand the problem.
The armor portion of ASCII armor completely defines what is there, so that
they pass through some potentially damaging transport.

However, the comment line is precisely that -- it's a comment for people,
not for the machines. In practice, it's a bumper-sticker field that people
use to advertise their favorite implementation or the slogan of the week.
If it gets mangled by a transport, it doesn't cause the protocol any
problems. The ASCII armor still transfers the secure object.

I don't see the problem in the comment line being UTF-8 (and it never
occurred to me that it wasn't). After all, there's an IETF meta-rule that
text is supposed to be UTF-8 unless there's a really, really good reason
for it not to be. So I have to ask -- why shouldn't someone be able to put
UTF-8 there? What's wrong with it?

	Jon


From owner-ietf-openpgp@mail.imc.org  Mon Jul 30 22:55:50 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id WAA12849
	for <openpgp-archive@odin.ietf.org>; Mon, 30 Jul 2001 22:55:49 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f6V2fGR18048
	for ietf-openpgp-bks; Mon, 30 Jul 2001 19:41:16 -0700 (PDT)
Received: from tango.SoftHome.net (tango.SoftHome.net [204.144.231.49])
	by above.proper.com (8.11.3/8.11.3) with SMTP id f6V2fFs18044
	for <ietf-openpgp@imc.org>; Mon, 30 Jul 2001 19:41:15 -0700 (PDT)
Received: (qmail 15699 invoked by uid 417); 31 Jul 2001 02:48:51 -0000
Received: from 209-6-136-54.s54.tnt1.mnh.nh.dialup.rcn.com (HELO softhome.net) (209.6.136.54)
  by i-softhome-tango with SMTP; 31 Jul 2001 02:48:51 -0000
Message-ID: <3B661554.264B975F@softhome.net>
Date: Mon, 30 Jul 2001 22:17:59 -0400
From: John Kane <jkane89@softhome.net>
X-Mailer: Mozilla 4.61 [en] (Win95; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Jon Callas <jon@callas.org>
CC: ietf-openpgp@imc.org
Subject: Re: Forbidding 8bit text in Armor comments
References: <3B63BFC7.35DE6CED@softhome.net>
	 <20010729113341.C29295@sobolev.does-not-exist.org>
	 <3B649243.2F3B63F2@softhome.net>
	 <20010730112356.F9495@sobolev.does-not-exist.org> <p0510030eb78baa852bef@[63.73.97.189]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Jon Callas wrote:
 > If it gets mangled by a transport, it doesn't cause
 > the protocol any problems.

In some environments, 0x8A translates to 0x0A/CRLF.

The KDE / Mime team discovered rfc2440 implementations
which emit comments in the native 8-bit charset.
This breaks Mime unless they re-encode the entire block
in radix-64, which conflicts with a PGP/Mime requirement
that certain OpenPGP Armored formats MUST be left in
their native "----- BEGIN ... ----- END" format.

They can't use the '=FF' mechanism because it would
encode the '=' terminators in the armor.

PGP/Mime needs its ASCII Armor to be pure 7-bit ASCII.





From owner-ietf-openpgp@mail.imc.org  Mon Jul 30 23:53:52 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id XAA15226
	for <openpgp-archive@odin.ietf.org>; Mon, 30 Jul 2001 23:53:51 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f6V3j9X19128
	for ietf-openpgp-bks; Mon, 30 Jul 2001 20:45:09 -0700 (PDT)
Received: from merrymeet.com (merrymeet.com [63.73.97.162])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6V3j7s19123
	for <ietf-openpgp@imc.org>; Mon, 30 Jul 2001 20:45:07 -0700 (PDT)
Received: from [63.73.97.187] (63.73.97.187) by merrymeet.com with ESMTP
 (Eudora Internet Mail Server 3.0.3); Mon, 30 Jul 2001 20:45:09 -0700
Mime-Version: 1.0
X-Sender: jon@63.73.97.162
Message-Id: <p05100300b78bd8b700ac@[63.73.97.189]>
In-Reply-To: <3B661554.264B975F@softhome.net>
References: <3B63BFC7.35DE6CED@softhome.net>	
 <20010729113341.C29295@sobolev.does-not-exist.org>	
 <3B649243.2F3B63F2@softhome.net>	
 <20010730112356.F9495@sobolev.does-not-exist.org>
 <p0510030eb78baa852bef@[63.73.97.189]> <3B661554.264B975F@softhome.net>
Date: Mon, 30 Jul 2001 20:40:33 -0700
To: John Kane <jkane89@softhome.net>
From: Jon Callas <jon@callas.org>
Subject: Re: Forbidding 8bit text in Armor comments
Cc: ietf-openpgp@imc.org
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


At 10:17 PM -0400 7/30/01, John Kane wrote:

>The KDE / Mime team discovered rfc2440 implementations
>which emit comments in the native 8-bit charset.
>This breaks Mime unless they re-encode the entire block
>in radix-64, which conflicts with a PGP/Mime requirement
>that certain OpenPGP Armored formats MUST be left in
>their native "----- BEGIN ... ----- END" format.
>
>They can't use the '=FF' mechanism because it would
>encode the '=' terminators in the armor.
>
>PGP/Mime needs its ASCII Armor to be pure 7-bit ASCII.

Here are questions I have:

Is this an implementation problem, or a standard problem?

How many people outside of North America are going to scream if we all of a
sudden limit it to 7-bit?

Is UTF-7 an answer, or a disgusting hack (having to parse two UTFs)?

	Jon


From owner-ietf-openpgp@mail.imc.org  Tue Jul 31 01:39:30 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id BAA22761
	for <openpgp-archive@odin.ietf.org>; Tue, 31 Jul 2001 01:39:29 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f6V5Svm20970
	for ietf-openpgp-bks; Mon, 30 Jul 2001 22:28:57 -0700 (PDT)
Received: from smtp2.nikoma.de (smtp2.nikoma.de [212.122.128.25])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6V5Sts20966
	for <ietf-openpgp@imc.org>; Mon, 30 Jul 2001 22:28:55 -0700 (PDT)
Received: from sobolev.does-not-exist.org (dialin183.pg4-nt.dusseldorf.nikoma.de [213.54.99.183])
	by smtp2.nikoma.de (8.9.3/8.9.3) with ESMTP id HAA40762;
	Tue, 31 Jul 2001 07:28:52 +0200 (CEST)
	(envelope-from roessler@does-not-exist.org)
Received: by sobolev.does-not-exist.org (Postfix, from userid 1000)
	id D77D42ED15; Tue, 31 Jul 2001 07:28:45 +0200 (CEST)
Date: Tue, 31 Jul 2001 07:28:45 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: Jon Callas <jon@callas.org>
Cc: John Kane <jkane89@softhome.net>, ietf-openpgp@imc.org
Subject: Re: Forbidding 8bit text in Armor comments
Message-ID: <20010731072845.B5997@sobolev.does-not-exist.org>
Mail-Followup-To: Jon Callas <jon@callas.org>,
	John Kane <jkane89@softhome.net>, ietf-openpgp@imc.org
References: <3B63BFC7.35DE6CED@softhome.net> <20010729113341.C29295@sobolev.does-not-exist.org> <3B649243.2F3B63F2@softhome.net> <20010730112356.F9495@sobolev.does-not-exist.org> <p0510030eb78baa852bef@[63.73.97.189]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
In-Reply-To: <p0510030eb78baa852bef@[63.73.97.189]>
User-Agent: Mutt/1.3.20i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On 2001-07-30 17:38:48 -0700, Jon Callas wrote:

>However, the comment line is precisely that -- it's a comment for 
>people, not for the machines. 

Embedded in data which should normally never be presented to people 
in that form.  A very useful concept, indeed.

>In practice, it's a bumper-sticker field that people use to 
>advertise their favorite implementation or the slogan of the week. 
>If it gets mangled by a transport, it doesn't cause the protocol 
>any problems. The ASCII armor still transfers the secure object.

True.  But still, with e-mail transfer, a utf-8 comment header 
would make it necessary to MIME-encode ASCII armor, which sounds 
extremely ugly, and would possibly kind of break PGP/MIME's 
tradition (ever since RFC 2015) of using ASCII armor _instead_ _of_ 
MIME encodings.

-- 
Thomas Roessler                        http://log.does-not-exist.org/


From owner-ietf-openpgp@mail.imc.org  Tue Jul 31 03:51:53 2001
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with SMTP id DAA09012
	for <openpgp-archive@odin.ietf.org>; Tue, 31 Jul 2001 03:51:52 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]])
	by above.proper.com (8.11.3/8.11.3) id f6V7cFQ08877
	for ietf-openpgp-bks; Tue, 31 Jul 2001 00:38:15 -0700 (PDT)
Received: from kasiski.gnupg.de (porta.u64.de [194.77.88.106])
	by above.proper.com (8.11.3/8.11.3) with ESMTP id f6V7cCs08870
	for <ietf-openpgp@imc.org>; Tue, 31 Jul 2001 00:38:13 -0700 (PDT)
Received: from uucp by kasiski.gnupg.de with local-rmail (Exim 3.22 #1 (Debian))
	id 15RUtK-0002gj-00; Tue, 31 Jul 2001 10:28:38 +0200
Received: from wk by alberti.gnupg.de with local (Exim 3.22 #1 (Debian))
	id 15RU7X-0002Mp-00; Tue, 31 Jul 2001 09:39:15 +0200
To: Jon Callas <jon@callas.org>
Cc: John Kane <jkane89@softhome.net>, ietf-openpgp@imc.org
Subject: Re: Forbidding 8bit text in Armor comments
References: <3B63BFC7.35DE6CED@softhome.net>
	<20010729113341.C29295@sobolev.does-not-exist.org>
	<3B649243.2F3B63F2@softhome.net>
	<20010730112356.F9495@sobolev.does-not-exist.org>
	<p0510030eb78baa852bef@[63.73.97.189]>
	<3B661554.264B975F@softhome.net>
	<p05100300b78bd8b700ac@[63.73.97.189]>
From: Werner Koch <wk@gnupg.org>
Organisation: g10 Code GmbH
X-PGP-KeyID: 621CC013
X-Request-PGP: finger:wk@porta.u64.de
Date: 31 Jul 2001 09:39:15 +0200
In-Reply-To: <p05100300b78bd8b700ac@[63.73.97.189]> (Jon Callas's message of "Mon, 30 Jul 2001 20:40:33 -0700")
Message-ID: <87ofq1a6os.fsf@alberti.gnupg.de>
Lines: 19
User-Agent: Gnus/5.090004 (Oort Gnus v0.04) Emacs/20.7
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Mon, 30 Jul 2001 20:40:33 -0700, Jon Callas said:

> Is this an implementation problem, or a standard problem?

It is a matter of how the implementation is used to create an rfc2015
compliant message.  Some translations of GnuPG do translate the
default comment string and then you might see non-ASCII characters.

The solution is to use "gpg --comment '' ..." to disable the armor
comment line or use sed to cut it out later.

So it is definitely not a standard problem.

  Werner

-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus
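
Added example, not part of any message in this thread: a Python check for the condition discussed above (Armor Header lines carrying octets outside 0x20-0x7E), with removal of Comment headers as an alternative to the sed step mentioned in the last message. The sample block, the transport that clears the high bit, and all function names are assumptions constructed for illustration.

```python
import re

# "-----BEGIN PGP <type>-----" opens an armored block; Armor Headers follow
# until the first blank line, after which the radix-64 body starts.
ARMOR_BEGIN = re.compile(rb"^-----BEGIN PGP [A-Z0-9 ,/]+-----$")

# Constructed sample: the body and checksum are placeholders, not real OpenPGP
# data. The Comment header carries one native 8-bit octet (0x8A).
SAMPLE = b"\n".join([
    b"-----BEGIN PGP MESSAGE-----",
    b"Version: ExamplePGP 1.0",
    b"Comment: gesch\x8atzt",
    b"",
    b"aGVsbG8gd29ybGQ=",
    b"=AAAA",
    b"-----END PGP MESSAGE-----",
    b"",
])


def armor_headers(block):
    """Yield (line_index, line) for every Armor Header line in the input.

    Handles several armored blocks in one input (for example a cleartext
    signature, which has a header area after each BEGIN line).
    """
    in_headers = False
    for i, raw in enumerate(block.split(b"\n")):
        line = raw.rstrip(b"\r")
        if not in_headers:
            in_headers = bool(ARMOR_BEGIN.match(line))
            continue
        if line.strip(b" \t") == b"":
            in_headers = False  # blank line ends the header area
            continue
        yield i, line


def non_ascii_headers(block):
    """Return [(header_key, offending_octets)] for headers that are not
    pure 0x20-0x7E, the range proposed in the thread for section 6.2."""
    findings = []
    for _, line in armor_headers(block):
        bad = bytes(b for b in line if not 0x20 <= b <= 0x7E)
        if bad:
            key = line.split(b":", 1)[0].decode("ascii", "replace")
            findings.append((key, bad))
    return findings


def strip_comment_headers(block):
    """Drop every 'Comment:' Armor Header; the radix-64 body is untouched."""
    drop = {i for i, line in armor_headers(block) if line.startswith(b"Comment:")}
    kept = [l for i, l in enumerate(block.split(b"\n")) if i not in drop]
    return b"\n".join(kept)


def through_7bit_channel(block):
    """Assumed lossy transport that clears the high bit of every octet,
    which is how 0x8A can end up as 0x0A (a line break)."""
    return bytes(b & 0x7F for b in block)


if __name__ == "__main__":
    print("8-bit headers:", non_ascii_headers(SAMPLE))
    damaged = through_7bit_channel(SAMPLE)
    print("headers after 7-bit transport:",
          [line for _, line in armor_headers(damaged)])
    print("after stripping Comment:",
          non_ascii_headers(strip_comment_headers(SAMPLE)))
```

In the sample, the single 0x8A octet turns into a line break on the assumed transport, so the header area gains a stray line that is not in "Key: value" form; stripping the Comment header before the block is placed in a mail body avoids that.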




Received: by above.proper.com (8.11.3/8.11.3) id f6V0dFN16327 for ietf-openpgp-bks; Mon, 30 Jul 2001 17:39:15 -0700 (PDT)
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6V0dDs16323 for <ietf-openpgp@imc.org>; Mon, 30 Jul 2001 17:39:13 -0700 (PDT)
Received: from [63.73.97.189] (64.69.113.115) by merrymeet.com with ESMTP (Eudora Internet Mail Server 3.0.3); Mon, 30 Jul 2001 17:39:05 -0700
Mime-Version: 1.0
X-Sender: jon@63.73.97.162
Message-Id: <p0510030eb78baa852bef@[63.73.97.189]>
In-Reply-To: <20010730112356.F9495@sobolev.does-not-exist.org>
References: <3B63BFC7.35DE6CED@softhome.net> <20010729113341.C29295@sobolev.does-not-exist.org> <3B649243.2F3B63F2@softhome.net> <20010730112356.F9495@sobolev.does-not-exist.org>
Date: Mon, 30 Jul 2001 17:38:48 -0700
To: Thomas Roessler <roessler@does-not-exist.org>, John Kane <jkane89@softhome.net>
From: Jon Callas <jon@callas.org>
Subject: Re: Forbidding 8bit text in Armor comments
Cc: ietf-openpgp@imc.org
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

At 11:23 AM +0200 7/30/01, Thomas Roessler wrote:
>On 2001-07-29 18:46:27 -0400, John Kane wrote:
>
>>If you want to ensure that ASCII Armor blocks contain only the
>>basic 95 printable characters, you'll need to put something in
>>section 6.2 which says that the 'data' which is concatenated to
>>form ASCII Armor must itself be pure 0x20-0x7E ASCII. Currently
>>this is not part of the spec.
>
>Precisely.  Jon?

Forgive me for being dense, but I don't completely understand the problem.
The armor portion of ASCII armor completely defines what is there, so that
they pass through some potentially damaging transport.

However, the comment line is precisely that -- it's a comment for people,
not for the machines. In practice, it's a bumper-sticker field that people
use to advertise their favorite implementation or the slogan of the week.
If it gets mangled by a transport, it doesn't cause the protocol any
problems. The ASCII armor still transfers the secure object.

I don't see the problem in the comment line being UTF-8 (and it never
occurred to me that it wasn't). After all, there's an IETF meta-rule that
text is supposed to be UTF-8 unless there's a really, really good reason
for it not to be. So I have to ask -- why shouldn't someone be able to put
UTF-8 there? What's wrong with it?

	Jon


Received: by above.proper.com (8.11.3/8.11.3) id f6U9ofp21039 for ietf-openpgp-bks; Mon, 30 Jul 2001 02:50:41 -0700 (PDT)
Received: from smtp1.nikoma.de (smtp1.nikoma.de [212.122.128.19]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6U9ods21030 for <ietf-openpgp@imc.org>; Mon, 30 Jul 2001 02:50:39 -0700 (PDT)
Received: from sobolev.does-not-exist.org (dialin190.pg4-nt.dusseldorf.nikoma.de [213.54.99.190]) by smtp1.nikoma.de (8.9.3/8.9.3) with ESMTP id LAA64661; Mon, 30 Jul 2001 11:49:53 +0200 (CEST) (envelope-from roessler@does-not-exist.org)
Received: by sobolev.does-not-exist.org (Postfix, from userid 1000) id 126A92ED15; Mon, 30 Jul 2001 11:23:57 +0200 (CEST)
Date: Mon, 30 Jul 2001 11:23:57 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: John Kane <jkane89@softhome.net>, Jon Callas <jon@callas.org>
Cc: ietf-openpgp@imc.org
Subject: Forbidding 8bit text in Armor comments
Message-ID: <20010730112356.F9495@sobolev.does-not-exist.org>
Mail-Followup-To: John Kane <jkane89@softhome.net>, Jon Callas <jon@callas.org>, ietf-openpgp@imc.org
References: <3B63BFC7.35DE6CED@softhome.net> <20010729113341.C29295@sobolev.does-not-exist.org> <3B649243.2F3B63F2@softhome.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
In-Reply-To: <3B649243.2F3B63F2@softhome.net>
User-Agent: Mutt/1.3.20i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 2001-07-29 18:46:27 -0400, John Kane wrote:

>If you want to ensure that ASCII Armor blocks contain only the 
>basic 95 printable characters, you'll need to put something in 
>section 6.2 which says that the 'data' which is concatenated to 
>form ASCII Armor must itself be pure 0x20-0x7E ASCII. Currently 
>this is not part of the spec.

Precisely.  Jon?

-- 
Thomas Roessler                        http://log.does-not-exist.org/


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f6TMlfe16373 for ietf-openpgp-bks; Sun, 29 Jul 2001 15:47:41 -0700 (PDT)
Received: from tango.SoftHome.net (tango.SoftHome.net [204.144.231.49]) by above.proper.com (8.11.3/8.11.3) with SMTP id f6TMles16369 for <ietf-openpgp@imc.org>; Sun, 29 Jul 2001 15:47:40 -0700 (PDT)
Received: (qmail 17763 invoked by uid 417); 29 Jul 2001 22:55:00 -0000
Received: from 209-6-138-194.s194.tnt2.mnh.nh.dialup.rcn.com (HELO softhome.net) (209.6.138.194) by i-softhome-tango with SMTP; 29 Jul 2001 22:55:00 -0000
Message-ID: <3B649243.2F3B63F2@softhome.net>
Date: Sun, 29 Jul 2001 18:46:27 -0400
From: John Kane <jkane89@softhome.net>
X-Mailer: Mozilla 4.61 [en] (Win95; U)
X-Accept-Language: en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
Subject: Re: 8bit text in Comment line (i18n)
References: <3B63BFC7.35DE6CED@softhome.net> <20010729113341.C29295@sobolev.does-not-exist.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

  > arbitrary character sets [aren't] even remotely worth the hassles

Amen.  But in rfc2440bis-02, this is the complete definition:

     Concatenating the following data creates ASCII Armor
and:
     - "Comment", a user-defined comment.

There is nothing in the spec which requires an implementation to
drop non-ascii characters.  Currently, an implementation which
emits 0x80-0xFF octets in an Armor Header is rfc2440-compliant.
I don't like this, but that's the way it reads.

Certain implementations are already emitting native 8-bit text
in comments.  (...presumably by accident...)

If you want to ensure that ASCII Armor blocks contain only
the basic 95 printable characters, you'll need to put something
in section 6.2 which says that the 'data' which is concatenated
to form ASCII Armor must itself be pure 0x20-0x7E ASCII.
Currently this is not part of the spec.

Even something as simple as:
     "Comment", a user-defined 7-bit ASCII comment.
might be sufficient.
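
Added example (not part of any list message, and not code from RFC 2440 or from any implementation discussed here): a Python check for the constraint proposed above, that armor header lines carry only octets 0x20-0x7E, together with a model of the mangling mentioned elsewhere in this thread, where 0x8A becomes 0x0A. The sample block, the function names and the high-bit-stripping transport model are assumptions made for illustration.

```python
import re

# Matches an armor head line such as "-----BEGIN PGP MESSAGE-----".
BEGIN_RE = re.compile(rb"^-----BEGIN PGP [A-Z0-9,/ ]+-----$")

# Constructed sample, not taken from the thread: the Comment header carries
# native 8-bit text (0xE9 and 0x8A). The body and checksum are placeholders.
SAMPLE = (
    b"-----BEGIN PGP MESSAGE-----\r\n"
    b"Version: Example 1.0\r\n"
    b"Comment: caf\xe9 \x8aumava\r\n"
    b"\r\n"
    b"AAAA\r\n"
    b"=AAAA\r\n"
    b"-----END PGP MESSAGE-----\r\n"
)


def header_lines(block: bytes) -> list:
    """Return the armor header lines: everything after the BEGIN line up to,
    but not including, the first blank line."""
    lines = block.replace(b"\r\n", b"\n").split(b"\n")
    for i, line in enumerate(lines):
        if BEGIN_RE.match(line):
            headers = []
            for hdr in lines[i + 1:]:
                if hdr.strip() == b"":
                    break
                headers.append(hdr)
            return headers
    raise ValueError("no armor BEGIN line found")


def non_ascii_headers(block: bytes) -> list:
    """Return (line, offending_octets) for every armor header line that
    contains an octet outside the 95 printable characters 0x20-0x7E."""
    findings = []
    for line in header_lines(block):
        bad = [b for b in line if not 0x20 <= b <= 0x7E]
        if bad:
            findings.append((line, bad))
    return findings


def malformed_headers(block: bytes) -> list:
    """Return header lines that are not in the 'Key: value' form
    (key, colon, single space, value)."""
    return [line for line in header_lines(block) if b": " not in line]


def strip_high_bit(data: bytes) -> bytes:
    """Assumed model of a 7-bit transport: clear bit 7 of every octet,
    so 0x8A arrives as 0x0A (line feed)."""
    return bytes(b & 0x7F for b in data)


if __name__ == "__main__":
    # Check at emit time: the 8-bit comment is caught before it is sent.
    for line, bad in non_ascii_headers(SAMPLE):
        print("8-bit octets in header:", line, [hex(b) for b in bad])

    # After the modelled transport, the comment has been split in two and the
    # second half no longer parses as an armor header.
    mangled = strip_high_bit(SAMPLE)
    print("headers after transport:", header_lines(mangled))
    print("malformed after transport:", malformed_headers(mangled))
```

Once the transport has rewritten the octets, the 7-bit check no longer sees anything wrong, so the check belongs on the emitting side; a receiver can only notice the resulting malformed header line.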



Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f6T9nLM26972 for ietf-openpgp-bks; Sun, 29 Jul 2001 02:49:21 -0700 (PDT)
Received: from smtp2.nikoma.de (smtp2.nikoma.de [212.122.128.25]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6T9nIs26960 for <ietf-openpgp@imc.org>; Sun, 29 Jul 2001 02:49:19 -0700 (PDT)
Received: from sobolev.does-not-exist.org (dialin13.pg2-nt.dusseldorf.nikoma.de [213.54.97.13]) by smtp2.nikoma.de (8.9.3/8.9.3) with ESMTP id LAA93111; Sun, 29 Jul 2001 11:48:56 +0200 (CEST) (envelope-from roessler@does-not-exist.org)
Received: by sobolev.does-not-exist.org (Postfix, from userid 1000) id 8EC9C2ED19; Sun, 29 Jul 2001 11:33:41 +0200 (CEST)
Date: Sun, 29 Jul 2001 11:33:41 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: John Kane <jkane89@softhome.net>
Cc: ietf-openpgp@imc.org
Subject: Re: 8bit text in Comment line (i18n)
Message-ID: <20010729113341.C29295@sobolev.does-not-exist.org>
Mail-Followup-To: John Kane <jkane89@softhome.net>, ietf-openpgp@imc.org
References: <3B63BFC7.35DE6CED@softhome.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
In-Reply-To: <3B63BFC7.35DE6CED@softhome.net>
User-Agent: Mutt/1.3.20i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 2001-07-29 03:48:24 -0400, John Kane wrote:

>I see no clause defining the charset of text in Armor Headers. 
>Should an armored block be constrained to use only 7-bit mail-safe 
>characters, or should it be stated that Armor Headers may be in 
>UTF-8, or native charset, or what?

There's a reason why it's called ASCII armor, and not UTF-8 armor, 
and at least PGP/MIME relies on ASCII armor being actually 
restricted to 7bit characters.

I don't think that vanity armor headers in arbitrary character sets 
are even remotely worth the hassles and effort which they generate.

-- 
Thomas Roessler                        http://log.does-not-exist.org/


Received: by above.proper.com (8.11.3/8.11.3) id f6T8f3l22410 for ietf-openpgp-bks; Sun, 29 Jul 2001 01:41:03 -0700 (PDT)
Received: from mercury.rus.uni-stuttgart.de (mercury.rus.uni-stuttgart.de [129.69.1.226]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6T8f2s22401 for <ietf-openpgp@imc.org>; Sun, 29 Jul 2001 01:41:02 -0700 (PDT)
Received: from rusfw by mercury.rus.uni-stuttgart.de with local (Exim 3.22 #1) id 15Qm80-0005r0-00 for ietf-openpgp@imc.org; Sun, 29 Jul 2001 10:40:48 +0200
To: ietf-openpgp@imc.org
Subject: Re: 8bit text in Comment line (i18n)
References: <3B63BFC7.35DE6CED@softhome.net>
From: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>
Date: 29 Jul 2001 10:40:48 +0200
In-Reply-To: <3B63BFC7.35DE6CED@softhome.net> (John Kane's message of "Sun, 29 Jul 2001 03:48:24 -0400")
Message-ID: <tg7kwsxh4f.fsf@mercury.rus.uni-stuttgart.de>
Lines: 11
User-Agent: Gnus/5.090001 (Oort Gnus v0.01) Emacs/20.7
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

John Kane <jkane89@softhome.net> writes:

> I see no clause defining the charset of text in Armor Headers.

All text in RFC 2440 messages is encoded in UTF-8, unless otherwise
stated.

-- 
Florian Weimer 	                  Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f6T7nLb18274 for ietf-openpgp-bks; Sun, 29 Jul 2001 00:49:21 -0700 (PDT)
Received: from tango.SoftHome.net (tango.SoftHome.net [204.144.231.49]) by above.proper.com (8.11.3/8.11.3) with SMTP id f6T7nKs18270 for <ietf-openpgp@imc.org>; Sun, 29 Jul 2001 00:49:20 -0700 (PDT)
Received: (qmail 6627 invoked by uid 417); 29 Jul 2001 07:56:43 -0000
Received: from 209-6-130-224.s224.tnt5.mnh.nh.dialup.rcn.com (HELO softhome.net) (209.6.130.224) by i-softhome-tango with SMTP; 29 Jul 2001 07:56:43 -0000
Message-ID: <3B63BFC7.35DE6CED@softhome.net>
Date: Sun, 29 Jul 2001 03:48:24 -0400
From: John Kane <jkane89@softhome.net>
X-Mailer: Mozilla 4.61 [en] (Win95; U)
X-Accept-Language: en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
Subject: 8bit text in Comment line (i18n)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Some of the KDE people (Mark Mutz, Ingo Kloecker) noted:
http://lists.gnupg.org/pipermail/gnupg-users/2001-July/009397.html

that ascii-armor comment lines may contain non-7-bit text.
It is not clear whether this is a "SHOULD warn" situation.

I see no clause defining the charset of text in Armor Headers.
Should an armored block be constrained to use only 7-bit
mail-safe characters, or should it be stated that Armor
Headers may be in UTF-8, or native charset, or what?

Either user-defined text in Armor Headers MAY contain
non-7-bit characters, or SHOULD NOT, or MUST NOT.

If non-7-bit text is allowed, there ought to be a note in
2440/6.2 which warns that the use of an 8-bit charset
will make the 'armored' output non-mail-safe.


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f6PMYln02451 for ietf-openpgp-bks; Wed, 25 Jul 2001 15:34:47 -0700 (PDT)
Received: from claude.kendall.akamai.com (wirefire.akamai.com [64.14.77.8]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6PMYjs02447 for <ietf-openpgp@imc.org>; Wed, 25 Jul 2001 15:34:46 -0700 (PDT)
Received: (from dshaw@localhost) by claude.kendall.akamai.com (8.9.3/8.9.3) id SAA02968 for ietf-openpgp@imc.org; Wed, 25 Jul 2001 18:34:46 -0400
Date: Wed, 25 Jul 2001 18:34:46 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Notation data suggestion for rfc2440bis-02
Message-ID: <20010725183446.F1396@akamai.com>
Mail-Followup-To: ietf-openpgp@imc.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
X-PGP-Key: 2048R/3CB3B415/4D 96 83 18 2B AF BE 45 D0 07 C4 07 51 37 B3 18
X-URL: http://www.jabberwocky.com/
X-Phase-Of-Moon: The Moon is Waxing Crescent (33% of Full)
X-Pointless-Random-Number: 0
X-Silly-Header: It sure is.
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

I have a suggestion for rfc2440bis, section 5.2.3.16 (Notation Data).

The design to divide the notation "name" namespace into IETF and
user-controlled spaces is very good as it allows for people to add
their own notations that may or may not be applicable to the world at
large, but are still usable for anyone who is interested.

Since the user space naming scheme is, in effect, an email address
(being a name @ a DNS domain), I'd like to suggest adding something
like this:

   Since the user name space is in the form of an email address,
   implementors MAY wish to arrange for that address to reach a person
   who can be consulted about the use of the named tag.  Note that due
   to UTF-8 encoding, not all valid user space name tags are valid
   email addresses.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f6O3R3u14042 for ietf-openpgp-bks; Mon, 23 Jul 2001 20:27:03 -0700 (PDT)
Received: from claude.kendall.akamai.com (walrus.ne.mediaone.net [65.96.217.45]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6O3R1G14038 for <ietf-openpgp@imc.org>; Mon, 23 Jul 2001 20:27:01 -0700 (PDT)
Received: (from dshaw@localhost) by claude.kendall.akamai.com (8.9.3/8.9.3) id XAA01895 for ietf-openpgp@imc.org; Mon, 23 Jul 2001 23:26:57 -0400
Date: Mon, 23 Jul 2001 23:26:57 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Question about Notation Data and URLs
Message-ID: <20010723232657.C640@akamai.com>
Mail-Followup-To: ietf-openpgp@imc.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
X-PGP-Key: 2048R/3CB3B415/4D 96 83 18 2B AF BE 45 D0 07 C4 07 51 37 B3 18
X-URL: http://www.jabberwocky.com/
X-Phase-Of-Moon: The Moon is Waxing Crescent (15% of Full)
X-Pointless-Random-Number: 203
X-Silly-Header: It sure is.
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Given the improvement to the Notation Data packet in
draft-ietf-openpgp-rfc2440bis-02, I am curious as to the future use of
the Policy URL and Preferred keyserver packets.

Instead of having additional packet types, wouldn't it be simpler to
have a notation with the name being "POLICYURL" or the like, and the
value being the URL?

I'm aware that Policy URL and Preferred keyserver already existed in
rfc2440, and that some code already uses them which is probably enough
of a reason not to get rid of them right there :) It would be nice
though code-wise to be able to put all attributes like that in a
single type of packet.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f6NAdZU16286 for ietf-openpgp-bks; Mon, 23 Jul 2001 03:39:35 -0700 (PDT)
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6NAdUq16282 for <ietf-openpgp@imc.org>; Mon, 23 Jul 2001 03:39:30 -0700 (PDT)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA08997; Mon, 23 Jul 2001 06:37:58 -0400 (EDT)
Message-Id: <200107231037.GAA08997@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-openpgp@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-openpgp-mime-08.txt
Date: Mon, 23 Jul 2001 06:37:58 -0400
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the An Open Specification for Pretty Good Privacy Working Group of the IETF.

	Title		: MIME Security with OpenPGP
	Author(s)	: M. Elkins, D. Del Torto, R. Levien, T. Roessler
	Filename	: draft-ietf-openpgp-mime-08.txt
	Pages		: 15
	Date		: 20-Jul-01
	
This document describes how the OpenPGP Message Format [1] can be
used to provide privacy and authentication using the Multipurpose
Internet Mail Extensions (MIME) security content types described in
RFC1847 [2].
This draft is being discussed on the 'ietf-openpgp' mailing list.  To
join the list, send a message to <ietf-openpgp-request@imc.org> with
the single word 'subscribe' in the subject.  An archive of the
working group's list is located at <http://www.imc.org/ietf-openpgp>.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-openpgp-mime-08.txt

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-openpgp-mime-08.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html 
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt


Internet-Drafts can also be obtained by e-mail.

Send a message to:
	mailserv@ietf.org.
In the body type:
	"FILE /internet-drafts/draft-ietf-openpgp-mime-08.txt".
	
NOTE:	The mail server at ietf.org can return the document in
	MIME-encoded form by using the "mpack" utility.  To use this
	feature, insert the command "ENCODING mime" before the "FILE"
	command.  To decode the response(s), you will need "munpack" or
	a MIME-compliant mail reader.  Different MIME-compliant mail readers
	exhibit different behavior, especially when dealing with
	"multipart" MIME messages (i.e. documents which have been split
	up into multiple messages), so check your local documentation on
	how to manipulate these messages.
		
		
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.

--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"

--OtherAccess
Content-Type: Message/External-body;
	access-type="mail-server";
	server="mailserv@ietf.org"

Content-Type: text/plain
Content-ID:	<20010720082610.I-D@ietf.org>

ENCODING mime
FILE /internet-drafts/draft-ietf-openpgp-mime-08.txt

--OtherAccess
Content-Type: Message/External-body;
	name="draft-ietf-openpgp-mime-08.txt";
	site="ftp.ietf.org";
	access-type="anon-ftp";
	directory="internet-drafts"

Content-Type: text/plain
Content-ID:	<20010720082610.I-D@ietf.org>

--OtherAccess--

--NextPart--




Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f6JLgb207753 for ietf-openpgp-bks; Thu, 19 Jul 2001 14:42:37 -0700 (PDT)
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6JLfnq07729 for <ietf-openpgp@imc.org>; Thu, 19 Jul 2001 14:41:49 -0700 (PDT)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA11787; Thu, 19 Jul 2001 16:52:04 -0400 (EDT)
Message-Id: <200107192052.QAA11787@ietf.org>
To: IETF-Announce: ;
Cc: RFC Editor <rfc-editor@isi.edu>
Cc: Internet Architecture Board <iab@isi.edu>
Cc: ietf-openpgp@imc.org
From: The IESG <iesg-secretary@ietf.org>
Subject: Protocol Action: MIME Security with OpenPGP to Proposed Standard
Date: Thu, 19 Jul 2001 16:52:04 -0400
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

The IESG has approved the Internet-Draft 'MIME Security with OpenPGP'
<draft-ietf-openpgp-mime-07.txt> as a Proposed Standard.  This document
is the product of the An Open Specification for Pretty Good Privacy
Working Group.  The IESG contact persons are Jeffrey Schiller and
Marcus Leech.

 
Technical Summary
 
This document defines a MIME encapsulation for the OpenPGP Message
Format. It is an update of RFC2015 taking into account lessons learned
during the deployment of RFC2015 based systems. Security protocols
provide a unique challenge for MIME based systems. Specifically it
must be ensured that the binary representation of a message is not
altered by a MIME aware gateway. Modification, if present, will always
break any provided digital signatures. Yet the obvious mechanism to
ensure this in MIME is to encode the message in such a fashion that it
is not human readable. This document defines how to best protect a
message from unwanted modification while at the same time managing to
keep the actual message format human readable.

Working Group Summary

The working group came to consensus on this document.

Protocol Quality

Jeffrey I. Schiller reviewed this protocol for the IETF.


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f6JKZNV05448 for ietf-openpgp-bks; Thu, 19 Jul 2001 13:35:23 -0700 (PDT)
Received: from mage.qualcomm.com (mage.qualcomm.com [129.46.65.64]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6JKZMq05444 for <ietf-openpgp@imc.org>; Thu, 19 Jul 2001 13:35:22 -0700 (PDT)
Received: from [129.46.77.172] (dhcp256.qualcomm.com [129.46.77.172]) by mage.qualcomm.com (8.11.3/8.11.3/1.0) with ESMTP id f6JKZ3K28567; Thu, 19 Jul 2001 13:35:03 -0700 (PDT)
Mime-Version: 1.0
X-Sender: jwn2@mage.qualcomm.com
Message-Id: <p05100104b77cf403671a@[129.46.77.172]>
In-Reply-To: <20010719112912.A8031@sobolev.does-not-exist.org>
References: <20010719112912.A8031@sobolev.does-not-exist.org>
X-Mailer: eudora51-ffc10713011434
X-PGP-RSA-Fingerprint: EA53 01A6 C076 F9C2  09E8 9480 645A 8857
X-PGP-DH-Fingerprint: 4F5E 56C9 BD4D 0227 331F 6AEE 9590 24F9 6FD7 04F8
Date: Thu, 19 Jul 2001 13:35:09 -0700
To: Thomas Roessler <roessler@does-not-exist.org>
From: John  W Noerenberg II <jwn2@qualcomm.com>
Subject: Re: [today] New draft for IANA considerations change
Cc: "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 11:29 AM +0200 7/19/01, Thomas Roessler wrote:
>I'll submit a version with the following IANA considerations section 
>at 1900 GMT, today.  Please raise any objections NOW.
>
>Changes:
>
>- asc and sig are given as extensions for application/pgp-signature
>- no Macintosh file type is given for application/pgp-keys
>
>This version is based on a conversation with Werner Koch.  I have 
>received no further feed-back from NAI.

We'll let the Mac stuff go.  The files are self-describing.  Mac 
implementers are just going to have to figure it out from the content 
of the files.  The file types are parameters on the MIME labels.
But the file types are a local issue, not something for over the 
wire, anyway....

I compared -07 and -08.  Changes are fine.
- -- 

john noerenberg
jwn2@qualcomm.com
   --------------------------------------------------------------------------
   Peace of mind isn't at all superficial, really.  It's the whole thing.
   That which produces it is good maintenance; that which disturbs it
   is poor maintenance.
   -- Zen and the Art of Motorcycle Maintenance, Robert M. Pirsig, 1974
   --------------------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBO1dEhJWQJPlv1wT4EQIruACgtK7jfucggUM6Mf+R9Lf52x9ZRhEAn3q8
5wb1GLT9HAwTNe24thDAcxIu
=19h0
-----END PGP SIGNATURE-----


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f6J9UWl02126 for ietf-openpgp-bks; Thu, 19 Jul 2001 02:30:32 -0700 (PDT)
Received: from smtp1.nikoma.de (smtp1.nikoma.de [212.122.128.19]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6J9UUq02114 for <ietf-openpgp@imc.org>; Thu, 19 Jul 2001 02:30:30 -0700 (PDT)
Received: from sobolev.does-not-exist.org (dialin192.pg2-nt.dusseldorf.nikoma.de [213.54.97.192]) by smtp1.nikoma.de (8.9.3/8.9.3) with ESMTP id LAA57369; Thu, 19 Jul 2001 11:30:02 +0200 (CEST) (envelope-from roessler@does-not-exist.org)
Received: by sobolev.does-not-exist.org (Postfix, from userid 1000) id 48E682ED15; Thu, 19 Jul 2001 11:29:12 +0200 (CEST)
Date: Thu, 19 Jul 2001 11:29:12 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>, John W Noerenberg II <jwn2@qualcomm.com>
Subject: [today] New draft for IANA considerations change
Message-ID: <20010719112912.A8031@sobolev.does-not-exist.org>
Mail-Followup-To: "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>, John W Noerenberg II <jwn2@qualcomm.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="fUYQa+Pmc3FrFX/N"
Content-Disposition: inline
User-Agent: Mutt/1.3.19i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

--fUYQa+Pmc3FrFX/N
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

I'll submit a version with the following IANA considerations section
at 1900 GMT, today.  Please raise any objections NOW.

Changes:

- asc and sig are given as extensions for application/pgp-signature
- no Macintosh file type is given for application/pgp-keys

This version is based on a conversation with Werner Koch.  I have
received no further feed-back from NAI.


>9.  IANA Considerations
>
>   This document defines three media types: "application/pgp-encrypted",
>   "application/pgp-signature" and "application/pgp-keys". The following
>   sections specify the IANA registrations for these types.
>
>9.1.  Registration of the application/pgp-encrypted media type
>
>   MIME media type name: application
>   MIME subtype name: pgp-encrypted
>   Required parameters: none
>   Optional parameters: none
>
>   Encoding considerations:
>
>      Currently this media type always consists of a single 7bit text
>      string.
>
>   Security considerations:
>
>      See Section 8 and RFC 2440 Section 13.
>
>   Interoperability considerations: none
>
>   Published specification:
>
>      This document.
>
>   Additional information:
>
>      Magic number(s): none
>      File extension(s): none
>      Macintosh File Type Code(s): none
>
>   Person & email address to contact for further information:
>
>      Michael Elkins
>      Email: me@cs.hmc.edu
>
>   Intended usage: common
>
>   Author/Change controller:
>
>      Michael Elkins
>      Email: me@cs.hmc.edu
>
>
>9.2.  Registration of the application/pgp-signature media type
>
>   MIME media type name: application
>   MIME subtype name: pgp-signature
>   Required parameters: none
>   Optional parameters: none
>
>   Encoding considerations:
>
>      The content of this media type always consists of 7bit text.
>
>   Security considerations:
>
>      See Section 8 and RFC 2440 Section 13.
>
>   Interoperability considerations: none
>
>   Published specification:
>
>      RFC 2440 and this document.
>
>   Additional information:
>
>      Magic number(s): none
>      File extension(s): asc, sig
>      Macintosh File Type Code(s): pgDS
>
>   Person & email address to contact for further information:
>
>      Michael Elkins
>      Email: me@cs.hmc.edu
>
>   Intended usage: common
>
>   Author/Change controller:
>
>      Michael Elkins
>      Email: me@cs.hmc.edu
>
>
>9.3.  Registration of the application/pgp-keys media type
>
>   MIME media type name: application
>   MIME subtype name: pgp-keys
>   Required parameters: none
>   Optional parameters: none
>
>   Encoding considerations:
>
>      The content of this media type always consists of 7bit text.
>
>   Security considerations:
>
>      See Section 8 and RFC 2440 Section 13.
>
>   Interoperability considerations: none
>
>   Published specification:
>
>      RFC 2440 and this document.
>
>   Additional information:
>
>      Magic number(s): none
>      File extension(s): asc
>      Macintosh File Type Code(s): none
>
>   Person & email address to contact for further information:
>
>      Michael Elkins
>      Email: me@cs.hmc.edu
>
>   Intended usage: common
>
>   Author/Change controller:
>
>      Michael Elkins
>      Email: me@cs.hmc.edu
>

-- 
Thomas Roessler                        http://log.does-not-exist.org/



--fUYQa+Pmc3FrFX/N
Content-Type: application/pgp-signature
Content-Disposition: inline


--fUYQa+Pmc3FrFX/N--


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f6IJZAa12808 for ietf-openpgp-bks; Wed, 18 Jul 2001 12:35:10 -0700 (PDT)
Received: from smtp2.nikoma.de (smtp2.nikoma.de [212.122.128.25]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6IJZ8q12804 for <ietf-openpgp@imc.org>; Wed, 18 Jul 2001 12:35:08 -0700 (PDT)
Received: from sobolev.does-not-exist.org (dialin24.pg5-nt.dusseldorf.nikoma.de [213.54.100.24]) by smtp2.nikoma.de (8.9.3/8.9.3) with ESMTP id VAA83570; Wed, 18 Jul 2001 21:34:48 +0200 (CEST) (envelope-from roessler@does-not-exist.org)
Received: by sobolev.does-not-exist.org (Postfix, from userid 1000) id 4F0282ED15; Wed, 18 Jul 2001 21:33:53 +0200 (CEST)
Date: Wed, 18 Jul 2001 21:33:53 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>
Cc: Will Price <wprice@cyphers.net>, Werner Koch <wk@gnupg.org>, "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
Subject: Re: [urgent] PGP/MIME IANA considerations: file extensions, Macintosh file type codes.
Message-ID: <20010718213353.A1275@sobolev.does-not-exist.org>
Mail-Followup-To: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>, Will Price <wprice@cyphers.net>, Werner Koch <wk@gnupg.org>, "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
References: <20010703114448.C32064@sobolev.does-not-exist.org> <tgae23qs68.fsf@mercury.rus.uni-stuttgart.de> <3B549BAF.D334E139@cyphers.net> <20010718001048.C22823@sobolev.does-not-exist.org> <tg1ynenpsf.fsf@mercury.rus.uni-stuttgart.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
In-Reply-To: <tg1ynenpsf.fsf@mercury.rus.uni-stuttgart.de>
User-Agent: Mutt/1.3.19i

On 2001-07-18 18:52:00 +0200, Florian Weimer wrote:

>>Or should I just drop extensions and Mac file types?

>I would do so for the detached signature.  I don't think there is
>enough time to check all the interoperability issues.

>For the public key ring file, I would rather drop the requirement that
>the content is 7bit ASCII-armored and mention that the extensions
>.pkr, .pgp, .pkr and .asc are common.

Well, changing content-transfer-encoding requirements after WG last 
call (and in a way which breaks old software's expectations) doesn't 
look like the best idea since the invention of sliced bread to me.

But anyway, if NAI isn't interested in finding a reasonable solution 
for this stuff, I'll just leave it out.

-- 
Thomas Roessler                        http://log.does-not-exist.org/




Received: by above.proper.com (8.11.3/8.11.3) id f6IGrwP07611 for ietf-openpgp-bks; Wed, 18 Jul 2001 09:53:58 -0700 (PDT)
Received: from mercury.rus.uni-stuttgart.de (mercury.rus.uni-stuttgart.de [129.69.1.226]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6IGrvq07607 for <ietf-openpgp@imc.org>; Wed, 18 Jul 2001 09:53:57 -0700 (PDT)
Received: from rusfw by mercury.rus.uni-stuttgart.de with local (Exim 3.22 #1) id 15MuYK-0005uW-00; Wed, 18 Jul 2001 18:52:00 +0200
To: Will Price <wprice@cyphers.net>
Cc: Werner Koch <wk@gnupg.org>, "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
Subject: Re: [urgent] PGP/MIME IANA considerations: file extensions, Macintosh file type codes.
References: <20010703114448.C32064@sobolev.does-not-exist.org> <tgae23qs68.fsf@mercury.rus.uni-stuttgart.de> <3B549BAF.D334E139@cyphers.net> <20010718001048.C22823@sobolev.does-not-exist.org>
From: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>
Date: 18 Jul 2001 18:52:00 +0200
In-Reply-To: <20010718001048.C22823@sobolev.does-not-exist.org> (Thomas Roessler's message of "Wed, 18 Jul 2001 00:10:48 +0200")
Message-ID: <tg1ynenpsf.fsf@mercury.rus.uni-stuttgart.de>
Lines: 24
User-Agent: Gnus/5.090001 (Oort Gnus v0.01) Emacs/20.7
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

Thomas Roessler <roessler@does-not-exist.org> writes:

> So what change do you suggest?  Should I replace the extension in 9.2
> by ".sig", or list ".asc" and ".sig"?  (I also note that PGP 2.6 and
> PGP 5.0i generate ".asc" for ASCII-armored detached signatures on my
> Linux machine; gnupg generates ".sig".)
> 
> And what file type and extension am I supposed to put in there for
> ascii-armored public keys? ".asc" and "TEXT"?  ".pkr" and "pgPR"? None
> of these seem to make terribly much sense to me.
> 
> Or should I just drop extensions and Mac file types?

I would do so for the detached signature.  I don't think there is
enough time to check all the interoperability issues.

For the public key ring file, I would rather drop the requirement that
the content is 7bit ASCII-armored and mention that the extensions
.pkr, .pgp, .pkr and .asc are common.

-- 
Florian Weimer 	                  Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f6IBmn428462 for ietf-openpgp-bks; Wed, 18 Jul 2001 04:48:49 -0700 (PDT)
Received: from mail.arcor-ip.de (mail.arcor-ip.de [145.253.2.10] (may be forged)) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6IBmlq28458 for <ietf-openpgp@imc.org>; Wed, 18 Jul 2001 04:48:47 -0700 (PDT)
Received: from localhost (212.144.245.253) by mail.arcor-ip.de (5.5.034) id 3B5565AD0000288C; Wed, 18 Jul 2001 13:48:42 +0200
Received: by localhost (Postfix, from userid 500) id 4286B3C; Wed, 18 Jul 2001 13:48:19 +0200 (CEST)
Date: Wed, 18 Jul 2001 13:48:19 +0200
From: Ingo Luetkebohle <ingo@blank.pages.de>
To: Werner Koch <wk@gnupg.org>
Cc: ietf-openpgp@imc.org
Subject: Re: Attribute certificates
Message-ID: <20010718134819.C1213@blank.pages.de>
References: <20010717002003.A1161@blank.pages.de> <p0510030ab7792489778c@[63.73.97.180]> <20010717103421.A1143@blank.pages.de> <87snfu4v6y.fsf@alberti.gnupg.de>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="+g7M9IMkV8truYOl"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <87snfu4v6y.fsf@alberti.gnupg.de>; from wk@gnupg.org on Wed, Jul 18, 2001 at 08:17:57AM +0200
Organization: Maybe when I grow up
X-URL: http://blank.pages.de/

--+g7M9IMkV8truYOl
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Jul 18, 2001 at 08:17:57AM +0200, Werner Koch wrote:
> 2440bis has one.  Basically you append "@mydomain" to the name and
> make sure that you have control over that domain.

Well, I meant a little more with 'interoperability', namely, to enable
others to implement my notations and to implement notations specified
by others. Is there some means to exchange information necessary for
that?

otherwise, thanks for the tips on how I can prevent stepping on other
software's toes :)

-- 
	Ingo Luetkebohle / ingo@blank.pages.de / 95428014
/
| Student of Computational Linguistics & Computer Science;
| Fargonauten.DE sysadmin; Gimp Registry maintainer;
| FP: 3187 4DEC 47E6 1B1E 6F4F  57D4 CD90 C164 34AD CE5B

--+g7M9IMkV8truYOl
Content-Type: application/pgp-signature
Content-Disposition: inline


--+g7M9IMkV8truYOl--


Received: by above.proper.com (8.11.3/8.11.3) id f6I7Tbu12001 for ietf-openpgp-bks; Wed, 18 Jul 2001 00:29:37 -0700 (PDT)
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6I7TZq11997 for <ietf-openpgp@imc.org>; Wed, 18 Jul 2001 00:29:35 -0700 (PDT)
Received: (from hal@localhost) by finney.org (8.9.3/8.9.3) id XAA10164; Tue, 17 Jul 2001 23:19:24 -0700
Date: Tue, 17 Jul 2001 23:19:24 -0700
From: hal@finney.org
Message-Id: <200107180619.XAA10164@finney.org>
To: ingo@blank.pages.de, jon@callas.org
Subject: Re: Attribute certificates
Cc: ietf-openpgp@imc.org

If you use the notation data for an attribute cert, be sure and
set the critical flag.  That should be a hint to software that it
is not a regular certification signature.  Software is supposed to
ignore sigs that have critical subpackets which it doesn't understand.

Hal
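
Added example (not from any poster in this thread; Python, with constructed sample data): how an evaluator applies the critical-flag rule above and the "name@domain" notation naming discussed in this thread to a signature subpacket area, using the subpacket encoding from RFC 2440. The set of understood subpacket types and the notation names role@example.org and group@other.example are assumptions made for the illustration.

```python
import struct

CRITICAL_BIT = 0x80      # bit 7 of the subpacket type octet marks it critical
NOTATION_DATA = 20       # signature subpacket type for notation data
HUMAN_READABLE = 0x80    # first of the four notation flag octets

# Assumptions for this example: what the evaluating software understands.
KNOWN_TYPES = {2, 16, NOTATION_DATA}      # creation time, issuer key ID, notation
KNOWN_NOTATIONS = {"role@example.org"}    # constructed name in a user namespace


def build_subpacket(sp_type, body, critical=False):
    """Serialise one subpacket (example builder: one-octet length form only)."""
    length = len(body) + 1                # the length counts the type octet
    if length >= 192:
        raise ValueError("example builder only emits one-octet lengths")
    return bytes([length, sp_type | (CRITICAL_BIT if critical else 0)]) + body


def build_notation(name, value, critical=False):
    """Notation body: 4 flag octets, 2-octet name length, 2-octet value length."""
    n, v = name.encode("utf-8"), value.encode("utf-8")
    body = bytes([HUMAN_READABLE, 0, 0, 0]) + struct.pack(">HH", len(n), len(v)) + n + v
    return build_subpacket(NOTATION_DATA, body, critical)


def parse_subpackets(area):
    """Yield (type, critical, body) for every subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                   # one-octet length
            length, i = first, i + 1
        elif first < 255:                 # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length = ((first - 192) << 8) + area[i + 1] + 192
            i += 2
        else:                             # 0xFF followed by a four-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length = struct.unpack(">I", area[i + 1:i + 5])[0]
            i += 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated or malformed subpacket")
        type_octet = area[i]
        yield type_octet & 0x7F, bool(type_octet & CRITICAL_BIT), area[i + 1:i + length]
        i += length


def parse_notation(body):
    """Return (name, value) from a notation data subpacket body."""
    if len(body) < 8:
        raise ValueError("notation body too short")
    name_len, value_len = struct.unpack(">HH", body[4:8])
    if 8 + name_len + value_len != len(body):
        raise ValueError("notation lengths do not match body")
    return body[8:8 + name_len].decode("utf-8"), body[8 + name_len:]


def evaluate(area):
    """Return (acceptable, notations, problems) for one subpacket area.

    Unknown subpackets and unknown notations are skipped unless they are
    marked critical, in which case the whole signature is treated as in error.
    """
    notations, problems = {}, []
    for sp_type, critical, body in parse_subpackets(area):
        if sp_type not in KNOWN_TYPES:
            if critical:
                problems.append(f"unknown critical subpacket type {sp_type}")
            continue
        if sp_type == NOTATION_DATA:
            name, value = parse_notation(body)
            if name in KNOWN_NOTATIONS:
                notations[name] = value
            elif critical:
                problems.append(f"unknown critical notation {name!r}")
    return (not problems), notations, problems


# Constructed sample subpacket areas (not taken from any real signature).
CREATED = build_subpacket(2, struct.pack(">I", 995437164))
SAMPLE_OK = CREATED + build_notation("role@example.org", "auditor", critical=True)
SAMPLE_UNKNOWN_CRITICAL = CREATED + build_notation("group@other.example", "staff", critical=True)
SAMPLE_UNKNOWN_OPTIONAL = CREATED + build_notation("group@other.example", "staff")
SAMPLE_UNKNOWN_TYPE = CREATED + build_subpacket(100, b"\x01", critical=True)

if __name__ == "__main__":
    for label, area in [("understood critical notation", SAMPLE_OK),
                        ("unknown critical notation", SAMPLE_UNKNOWN_CRITICAL),
                        ("unknown non-critical notation", SAMPLE_UNKNOWN_OPTIONAL),
                        ("unknown critical subpacket type", SAMPLE_UNKNOWN_TYPE)]:
        print(label, "->", evaluate(area))
```

An attribute-certificate signature built this way is rejected by software that does not know the notation, instead of being mistaken for an ordinary certification.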


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f6I6nrh06232 for ietf-openpgp-bks; Tue, 17 Jul 2001 23:49:53 -0700 (PDT)
Received: from merrymeet.com (iMac@merrymeet.com [63.73.97.162]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6I6nqq06224 for <ietf-openpgp@imc.org>; Tue, 17 Jul 2001 23:49:52 -0700 (PDT)
Received: from [63.73.97.188] (63.73.97.188) by merrymeet.com with ESMTP (Eudora Internet Mail Server 3.0.3); Tue, 17 Jul 2001 23:49:47 -0700
Mime-Version: 1.0
X-Sender: jon@63.73.97.162
Message-Id: <p05100307b77ae199b31b@[63.73.97.188]>
In-Reply-To: <87snfu4v6y.fsf@alberti.gnupg.de>
References: <20010717002003.A1161@blank.pages.de> <p0510030ab7792489778c@[63.73.97.180]> <20010717103421.A1143@blank.pages.de> <87snfu4v6y.fsf@alberti.gnupg.de>
Date: Tue, 17 Jul 2001 23:49:42 -0700
To: Werner Koch <wk@gnupg.org>, ietf-openpgp@imc.org
From: Jon Callas <jon@callas.org>
Subject: Re: Attribute certificates
Content-Type: text/plain; charset="us-ascii"

At 8:17 AM +0200 7/18/01, Werner Koch wrote:
>On Tue, 17 Jul 2001 10:34:21 +0200, Ingo Luetkebohle said:
>
>> Is there any kind of 'official' registration or publishing process for
>> notation data to enable interoperability?
>
>2440bis has one.  Basically you append "@mydomain" to the name and
>make sure that you have control over that domain.
>

Another informal alternative would be to use something similar to the Java
naming scheme. If you prefixed your attributes with : de.pages.blank@ingo,
you'd probably never run into trouble.

	Jon


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f6I6ZdJ03931 for ietf-openpgp-bks; Tue, 17 Jul 2001 23:35:39 -0700 (PDT)
Received: from kasiski.gnupg.de (porta.u64.de [194.77.88.106]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6I6Zaq03921 for <ietf-openpgp@imc.org>; Tue, 17 Jul 2001 23:35:36 -0700 (PDT)
Received: from uucp by kasiski.gnupg.de with local-rmail (Exim 3.22 #1 (Debian)) id 15MlNM-0000Kq-00; Wed, 18 Jul 2001 09:04:04 +0200
Received: from wk by alberti.gnupg.de with local (Exim 3.22 #1 (Debian)) id 15Mkek-0002Y0-00; Wed, 18 Jul 2001 08:17:58 +0200
To: ietf-openpgp@imc.org
Subject: Re: Attribute certificates
References: <20010717002003.A1161@blank.pages.de> <p0510030ab7792489778c@[63.73.97.180]> <20010717103421.A1143@blank.pages.de>
From: Werner Koch <wk@gnupg.org>
Organisation: g10 Code GmbH
X-PGP-KeyID: 621CC013
X-Request-PGP: finger:wk@porta.u64.de
Date: 18 Jul 2001 08:17:57 +0200
In-Reply-To: <20010717103421.A1143@blank.pages.de> (Ingo Luetkebohle's message of "Tue, 17 Jul 2001 10:34:21 +0200")
Message-ID: <87snfu4v6y.fsf@alberti.gnupg.de>
Lines: 12
User-Agent: Gnus/5.090004 (Oort Gnus v0.04) Emacs/20.7
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

On Tue, 17 Jul 2001 10:34:21 +0200, Ingo Luetkebohle said:

> Is there any kind of 'official' registration or publishing process for
> notation data to enable interoperability?

2440bis has one.  Basically you append "@mydomain" to the name and
make sure that you have control over that domain. 

-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus



Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f6I3haq22970 for ietf-openpgp-bks; Tue, 17 Jul 2001 20:43:36 -0700 (PDT)
Received: from bureau6.utcc.utoronto.ca (bureau6.utcc.utoronto.ca [128.100.132.16]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6I3hYq22966 for <ietf-openpgp@imc.org>; Tue, 17 Jul 2001 20:43:34 -0700 (PDT)
Received: from HSE-Toronto-ppp261697.sympatico.ca ([64.230.32.128] EHLO [169.254.207.110] ident: IDENT-NOT-QUERIED [port 50559]) by bureau6.utcc.utoronto.ca with ESMTP id <464165-19164>; Tue, 17 Jul 2001 23:43:25 -0400
Mime-Version: 1.0
X-Sender: robert.guerra@mailbox96.utcc.utoronto.ca
Message-Id: <p0510100ab77ab5f48ce0@[169.254.207.110]>
In-Reply-To: <F57hjz4k7XnQm7DTZRy0000006d@hotmail.com>
References: <F57hjz4k7XnQm7DTZRy0000006d@hotmail.com>
Date: Tue, 17 Jul 2001 23:42:55 -0400
To: "Bryan Morris" <bryanmorrisjr@hotmail.com>, ietf-openpgp@imc.org
From: Robert Guerra <rguerra@yahoo.com>
Subject: Re: Need PGP to automatically encrypt files via a script from our web based applicat
Content-Type: text/plain; charset="us-ascii" ; format="flowed"

bryan:

last time I checked on google, I spotted a few apache/php scripts 
using gnupg to do just the thing you want.


if you find anything, let me know..as I too am looking for something similar

regards

Robert



At 3:25 AM -0400 2001/7/18, Bryan Morris wrote:
>Hello,
>
>We have a web-based software application.
>
>On occasion, we need to transfer confidential data from our client's 
>remote site to our development office.
>
>Is there a way we can install PGP (command line or windows version) 
>and write a script to automatically encrypt the files with our 
>public key and send those files to our tech support staff?  The 
>client would click a button from the browser application and the 
>script would run.
>
>If so, can anyone tell me where I can find the technical details to do this?
>Also reference or URL is appreciated.
>
>Thanks,
>
>Bryan
>
>


-- 
Progress, far from consisting in change, depends on retentiveness.
Those who cannot remember the past are condemned to repeat it.
"The Life of Reason," 1906, George Santayana (1863-1952)
--
Robert Guerra <rguerra@yahoo.com>
PGP Keys <http://pgp.greatvideo.com/keys/rguerra/>


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f6I3P6p22672 for ietf-openpgp-bks; Tue, 17 Jul 2001 20:25:06 -0700 (PDT)
Received: from hotmail.com (f57.law4.hotmail.com [216.33.149.57]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6I3P6q22668 for <ietf-openpgp@imc.org>; Tue, 17 Jul 2001 20:25:06 -0700 (PDT)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue, 17 Jul 2001 20:25:05 -0700
Received: from 172.148.225.188 by lw4fd.law4.hotmail.msn.com with HTTP;	Wed, 18 Jul 2001 03:25:05 GMT
X-Originating-IP: [172.148.225.188]
From: "Bryan Morris" <bryanmorrisjr@hotmail.com>
To: ietf-openpgp@imc.org
Subject: Need PGP to automatically encrypt files via a script from our web based applicat
Date: Wed, 18 Jul 2001 03:25:05 
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <F57hjz4k7XnQm7DTZRy0000006d@hotmail.com>
X-OriginalArrivalTime: 18 Jul 2001 03:25:05.0349 (UTC) FILETIME=[3CF77F50:01C10F39]

Hello,

We have a web-based software application.

On occasion, we need to transfer confidential data from our client's remote 
site to our development office.

Is there a way we can install PGP (command line or windows version) and 
write a script to automatically encrypt the files with our public key and 
send those files to our tech support staff?  The client would click a button 
from the browser application and the script would run.

If so, can anyone tell me where I can find the technical details to do this?
Also reference or URL is appreciated.

Thanks,

Bryan





Received: by above.proper.com (8.11.3/8.11.3) id f6I3Ma822633 for ietf-openpgp-bks; Tue, 17 Jul 2001 20:22:36 -0700 (PDT)
Received: from hotmail.com (f133.law7.hotmail.com [216.33.237.133]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6I3MZq22629 for <ietf-openpgp@imc.org>; Tue, 17 Jul 2001 20:22:35 -0700 (PDT)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue, 17 Jul 2001 20:22:35 -0700
Received: from 172.148.225.188 by lw7fd.law7.hotmail.msn.com with HTTP;	Wed, 18 Jul 2001 03:22:34 GMT
X-Originating-IP: [172.148.225.188]
From: "Allan Pratt" <allan_pratt@hotmail.com>
To: ietf-openpgp@imc.org
Subject: ietf-openpgp@imc.org
Date: Wed, 18 Jul 2001 03:22:34 
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <F133ZrIkyPzGNsokLQ80000003b@hotmail.com>
X-OriginalArrivalTime: 18 Jul 2001 03:22:35.0229 (UTC) FILETIME=[E37D00D0:01C10F38]

ietf-openpgp@imc.org




Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f6I0sS719095 for ietf-openpgp-bks; Tue, 17 Jul 2001 17:54:28 -0700 (PDT)
Received: from mail.arcor-ip.de (mail.arcor-ip.de [145.253.2.10] (may be forged)) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6I0sRq19091 for <ietf-openpgp@imc.org>; Tue, 17 Jul 2001 17:54:27 -0700 (PDT)
Received: from localhost (212.144.236.204) by mail.arcor-ip.de (5.5.034) id 3B4F0EFE00080D1D; Tue, 17 Jul 2001 10:35:58 +0200
Received: by localhost (Postfix, from userid 500) id D7E6E18; Tue, 17 Jul 2001 10:34:21 +0200 (CEST)
Date: Tue, 17 Jul 2001 10:34:21 +0200
From: Ingo Luetkebohle <ingo@blank.pages.de>
To: Jon Callas <jon@callas.org>
Cc: ietf-openpgp@imc.org
Subject: Re: Attribute certificates
Message-ID: <20010717103421.A1143@blank.pages.de>
References: <20010717002003.A1161@blank.pages.de> <p0510030ab7792489778c@[63.73.97.180]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="9jxsPFA5p3P2qPhR"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <p0510030ab7792489778c@[63.73.97.180]>; from jon@callas.org on Mon, Jul 16, 2001 at 04:10:54PM -0700
Organization: Maybe when I grow up
X-URL: http://blank.pages.de/

--9jxsPFA5p3P2qPhR
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Jul 16, 2001 at 04:10:54PM -0700, Jon Callas wrote:
> Yes. The Standalone Signatures and Notation signature subpackets are
> designed precisely to set up the sort of arbitrary associations that you're
> looking for. But also, notations can be used in other signatures to put in
> information like group membership and so on.

Ah, I had wondered about the notation data but wasn't sure. Thanks for
clarifying that.

Is there any kind of 'official' registration or publishing process for
notation data to enable interoperability?

Regards

-- 
	Ingo Luetkebohle / ingo@blank.pages.de / 95428014
/
| Student of Computational Linguistics & Computer Science;
| Fargonauten.DE sysadmin; Gimp Registry maintainer;
| FP: 3187 4DEC 47E6 1B1E 6F4F  57D4 CD90 C164 34AD CE5B

--9jxsPFA5p3P2qPhR
Content-Type: application/pgp-signature
Content-Disposition: inline


--9jxsPFA5p3P2qPhR--


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f6HMC4S15882 for ietf-openpgp-bks; Tue, 17 Jul 2001 15:12:04 -0700 (PDT)
Received: from smtp1.nikoma.de (smtp1.nikoma.de [212.122.128.19]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6HMC1q15878 for <ietf-openpgp@imc.org>; Tue, 17 Jul 2001 15:12:02 -0700 (PDT)
Received: from sobolev.does-not-exist.org (dialin104.pg4-nt.dusseldorf.nikoma.de [213.54.99.104]) by smtp1.nikoma.de (8.9.3/8.9.3) with ESMTP id AAA47516; Wed, 18 Jul 2001 00:11:39 +0200 (CEST) (envelope-from roessler@does-not-exist.org)
Received: by sobolev.does-not-exist.org (Postfix, from userid 1000) id F2BD12ED15; Wed, 18 Jul 2001 00:10:48 +0200 (CEST)
Date: Wed, 18 Jul 2001 00:10:48 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: Will Price <wprice@cyphers.net>, Werner Koch <wk@gnupg.org>
Cc: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>, "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
Subject: Re: [urgent] PGP/MIME IANA considerations: file extensions, Macintosh file type codes.
Message-ID: <20010718001048.C22823@sobolev.does-not-exist.org>
Mail-Followup-To: Will Price <wprice@cyphers.net>, Werner Koch <wk@gnupg.org>, Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>, "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
References: <20010703114448.C32064@sobolev.does-not-exist.org> <tgae23qs68.fsf@mercury.rus.uni-stuttgart.de> <3B549BAF.D334E139@cyphers.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="k+w/mQv8wyuph6w0"
Content-Disposition: inline
In-Reply-To: <3B549BAF.D334E139@cyphers.net>
User-Agent: Mutt/1.3.19i

--k+w/mQv8wyuph6w0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

So what change do you suggest?

Should I replace the extension in 9.2 by ".sig", or list ".asc" and
".sig"?  (I also note that PGP 2.6 and PGP 5.0i generate ".asc" for
ASCII-armored detached signatures on my Linux machine; gnupg
generates ".sig".)

And what file type and extension am I supposed to put in there for
ascii-armored public keys? ".asc" and "TEXT"?  ".pkr" and "pgPR"?
None of these seem to make terribly much sense to me.

Or should I just drop extensions and Mac file types?

PLEASE ADVISE ASAP.  THE FINAL DRAFT MUST BE IN THE I-D REPOSITORIES
WITHIN LESS THAN 48 HOURS.

-- 
Thomas Roessler                        http://log.does-not-exist.org/






On 2001-07-17 13:10:23 -0700, Will Price wrote:
>Date: Tue, 17 Jul 2001 13:10:23 -0700
>From: Will Price <wprice@cyphers.net>
>Reply-To: wprice@cyphers.net
>X-Mailer: Mozilla 4.75 (Macintosh; U; PPC)
>To: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>
>Cc: "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
>Subject: Re: [urgent] PGP/MIME IANA considerations: file extensions, Macintosh
> file type codes.
>
>
>The "pgDS" file type is a Detached Signature. The correct file extension
>for a detached signature is ".sig". These are ASCII files. They do *not*
>use the ".asc" extension.
>
>The "pgPR" file type is a Public Keyring file. The correct file extension
>for a Public Keyring file is ".pkr". These are always binary files.
>
>".asc" files sometimes contain keys, and sometimes contain encrypted
>and/or signed data -- always in ASCII format. These files have no special
>Macintosh file type. The file type for these is the standard "TEXT".
>
>The "pgRR" file type is a Secret Keyring file. The correct file extension
>for a Secret Keyring file is ".skr". These are always binary files.
>
>The "pgEF" file type is a PGP encrypted and/or signed file. The correct
>file extension for such a file is ".pgp". These are usually binary files,
>but not always.
>
>
>
>Florian Weimer wrote:
>>
>> Excerpt from the current OpenPGP/MIME draft:
>>
>> | 9.2.  Registration of the application/pgp-signature media type
>>
>> |    Encoding considerations:
>> |
>> |       The content of this media type always consists of 7bit text.
>>
>> |    Additional information:
>> |
>> |       Magic number(s): none
>> |       File extension(s): asc
>> |       Macintosh File Type Code(s): pgDS
>>
>> | 9.3.  Registration of the application/pgp-keys media type
>>
>> |    Encoding considerations:
>> |
>> |       The content of this media type always consists of 7bit text.
>>
>> |    Additional information:
>> |
>> |       Magic number(s): none
>> |       File extension(s): asc
>> |       Macintosh File Type Code(s): pgPR
>>
>> Doesn't Macintosh PGP (and perhaps other programs as well) store
>> binary data in pgDS/pgPR files as well?  That's why I don't think the
>> MIME types and Macintosh file types are equivalent.
>
>
>-- 
>
>Will Price, Director of Engineering
>PGP Security, Inc.
>a division of Network Associates, Inc.
>


--k+w/mQv8wyuph6w0
Content-Type: application/pgp-signature
Content-Disposition: inline


--k+w/mQv8wyuph6w0--


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f6HL1T513970 for ietf-openpgp-bks; Tue, 17 Jul 2001 14:01:29 -0700 (PDT)
Received: from enigma.cyphers.net (enigma.cyphers.net [64.220.173.136]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6HL1Rq13966 for <ietf-openpgp@imc.org>; Tue, 17 Jul 2001 14:01:27 -0700 (PDT)
Received: from cyphers.net (sncgw.nai.com [161.69.248.229]) by enigma.cyphers.net (Netscape Messaging Server 4.15) with ESMTP id GGMY3Q00.QFN; Tue, 17 Jul 2001 13:55:02 -0700 
Message-ID: <3B54A7AA.5C375A3C@cyphers.net>
Date: Tue, 17 Jul 2001 14:01:30 -0700
From: Will Price <wprice@cyphers.net>
Reply-To: wprice@cyphers.net
X-Mailer: Mozilla 4.75 (Macintosh; U; PPC)
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: Derek Atkins <warlord@mit.edu>
CC: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>, "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
Subject: Re: [urgent] PGP/MIME IANA considerations: file extensions, Macintosh    file type codes.
References: <20010703114448.C32064@sobolev.does-not-exist.org> <tgae23qs68.fsf@mercury.rus.uni-stuttgart.de> <3B549BAF.D334E139@cyphers.net> <sjmpuazcmlc.fsf@rcn.ihtfp.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Actually, we don't care. We just happen to generate them as ASCII.



Derek Atkins wrote:
> 
> Will Price <wprice@cyphers.net> writes:
> 
> > The "pgDS" file type is a Detached Signature. The correct file extension
> > for a detached signature is ".sig". These are ASCII files. They do *not*
> > use the ".asc" extension.
> 
> So you can't have a binary detached signature?  It must be ASCII?
> 
> -derek
> --
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord@MIT.EDU                        PGP key available

-- 

Will Price, Director of Engineering
PGP Security, Inc.
a division of Network Associates, Inc.


Received: by above.proper.com (8.11.3/8.11.3) id f6HL0QY13934 for ietf-openpgp-bks; Tue, 17 Jul 2001 14:00:26 -0700 (PDT)
Received: from mercury.rus.uni-stuttgart.de (mercury.rus.uni-stuttgart.de [129.69.1.226]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6HL0Pq13930 for <ietf-openpgp@imc.org>; Tue, 17 Jul 2001 14:00:25 -0700 (PDT)
Received: from rusfw by mercury.rus.uni-stuttgart.de with local (Exim 3.22 #1) id 15MbvL-0002Kt-00; Tue, 17 Jul 2001 22:58:31 +0200
To: Derek Atkins <warlord@mit.edu>
Cc: wprice@cyphers.net, "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
Subject: Re: [urgent] PGP/MIME IANA considerations: file extensions, Macintosh   file type codes.
References: <20010703114448.C32064@sobolev.does-not-exist.org> <tgae23qs68.fsf@mercury.rus.uni-stuttgart.de> <3B549BAF.D334E139@cyphers.net> <sjmpuazcmlc.fsf@rcn.ihtfp.org>
From: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>
Date: 17 Jul 2001 22:58:31 +0200
In-Reply-To: <sjmpuazcmlc.fsf@rcn.ihtfp.org> (Derek Atkins's message of "17 Jul 2001 16:44:15 -0400")
Message-ID: <tg4rsbqnm0.fsf@mercury.rus.uni-stuttgart.de>
Lines: 19
User-Agent: Gnus/5.090001 (Oort Gnus v0.01) Emacs/20.7
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

Derek Atkins <warlord@MIT.EDU> writes:

> Will Price <wprice@cyphers.net> writes:
> 
> > The "pgDS" file type is a Detached Signature. The correct file extension
> > for a detached signature is ".sig". These are ASCII files. They do *not*
> > use the ".asc" extension.
> 
> So you can't have a binary detached signature?

AFAIK, PGP 2.6.x can create such signatures, and there's nothing in
the OpenPGP standard which outlaws them, quite the contrary.  Probably
you only can't process them on the Mac due to lack of a proper file
type. :-/

-- 
Florian Weimer 	                  Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898
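
The binary-versus-ASCII question in this exchange can be settled from a file's content rather than from its extension or Macintosh type code. The following is an added example, not code from any poster or from PGP itself; the function names and the sample packet are constructed, and the packet-header and armor layout assumed is that of the OpenPGP message format (RFC 2440).

```python
import base64

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB   # armor checksum constants (RFC 2440)
SIGNATURE_TAG = 2                              # packet tag of a Signature packet

# Constructed sample: old-format header for tag 2 with a one-octet length,
# followed by 10 filler octets. It is NOT a verifiable signature.
SAMPLE_SIG_PACKET = bytes([0x88, 0x0A]) + bytes(range(10))


def crc24(data: bytes) -> int:
    """CRC-24 used by ASCII armor."""
    crc = CRC24_INIT
    for octet in data:
        crc ^= octet << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(data: bytes, label: str = "PGP SIGNATURE") -> bytes:
    """Wrap binary packets in ASCII armor (used here to build the sample)."""
    body = base64.b64encode(data).decode("ascii")
    rows = [body[i:i + 64] for i in range(0, len(body), 64)]
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii")
    text = "-----BEGIN %s-----\n\n%s\n=%s\n-----END %s-----\n" % (
        label, "\n".join(rows), check, label)
    return text.encode("ascii")


def dearmor(text: bytes) -> bytes:
    """Return the binary packets inside an armored block, checking the CRC."""
    lines = [line.strip() for line in text.decode("ascii").splitlines()]
    begin = next((i for i, l in enumerate(lines)
                  if l.startswith("-----BEGIN PGP ")), None)
    end = next((i for i, l in enumerate(lines)
                if l.startswith("-----END PGP ")), None)
    if begin is None or end is None:
        raise ValueError("incomplete armor block")
    blank = lines.index("", begin, end)   # armor headers end at first blank line
    payload = lines[blank + 1:end]
    check = payload.pop()[1:] if payload and payload[-1].startswith("=") else None
    data = base64.b64decode("".join(payload))
    if check is not None and \
            int.from_bytes(base64.b64decode(check), "big") != crc24(data):
        raise ValueError("armor CRC-24 mismatch")
    return data


def first_packet_tag(data: bytes) -> int:
    """Decode the packet tag from the first header octet."""
    if not data or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if data[0] & 0x40:                 # new-format header: tag in bits 5-0
        return data[0] & 0x3F
    return (data[0] >> 2) & 0x0F       # old-format header: tag in bits 5-2


def classify(blob: bytes):
    """Return (encoding, first packet tag) judged from content alone."""
    if blob.lstrip().startswith(b"-----BEGIN PGP "):
        return "ascii-armored", first_packet_tag(dearmor(blob))
    return "binary", first_packet_tag(blob)


def fits_pgp_signature_media_type(blob: bytes) -> bool:
    """True only for an armored, 7bit-clean detached signature, which is
    what the draft's application/pgp-signature registration describes."""
    encoding, tag = classify(blob)
    return (encoding == "ascii-armored" and tag == SIGNATURE_TAG
            and all(octet < 0x80 for octet in blob))


if __name__ == "__main__":
    for name, blob in (("binary", SAMPLE_SIG_PACKET),
                       ("armored", armor(SAMPLE_SIG_PACKET))):
        print(name, classify(blob), fits_pgp_signature_media_type(blob))
```

Both encodings carry the same Signature packet; only the armored one can be placed unchanged in a 7bit application/pgp-signature body part.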


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f6HKiMm13575 for ietf-openpgp-bks; Tue, 17 Jul 2001 13:44:22 -0700 (PDT)
Received: from rcn.ihtfp.org (me@ORANGE-TOUR.IHTFP.ORG [204.107.200.33]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6HKiKq13570 for <ietf-openpgp@imc.org>; Tue, 17 Jul 2001 13:44:20 -0700 (PDT)
Received: (from warlord@localhost) by rcn.ihtfp.org (8.9.3) id QAA26620; Tue, 17 Jul 2001 16:44:15 -0400
To: wprice@cyphers.net
Cc: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>, "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
Subject: Re: [urgent] PGP/MIME IANA considerations: file extensions, Macintosh   file type codes.
References: <20010703114448.C32064@sobolev.does-not-exist.org> <tgae23qs68.fsf@mercury.rus.uni-stuttgart.de> <3B549BAF.D334E139@cyphers.net>
From: Derek Atkins <warlord@mit.edu>
Date: 17 Jul 2001 16:44:15 -0400
In-Reply-To: Will Price's message of "Tue, 17 Jul 2001 13:10:23 -0700"
Message-ID: <sjmpuazcmlc.fsf@rcn.ihtfp.org>
Lines: 14
X-Mailer: Gnus v5.5/Emacs 20.3
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Will Price <wprice@cyphers.net> writes:

> The "pgDS" file type is a Detached Signature. The correct file extension
> for a detached signature is ".sig". These are ASCII files. They do *not*
> use the ".asc" extension.

So you can't have a binary detached signature?  It must be ASCII?

-derek
-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f6HKASU12774 for ietf-openpgp-bks; Tue, 17 Jul 2001 13:10:28 -0700 (PDT)
Received: from enigma.cyphers.net (enigma.cyphers.net [64.220.173.136]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6HKAQq12770 for <ietf-openpgp@imc.org>; Tue, 17 Jul 2001 13:10:26 -0700 (PDT)
Received: from cyphers.net (sncgw.nai.com [161.69.248.229]) by enigma.cyphers.net (Netscape Messaging Server 4.15) with ESMTP id GGMVQJ00.PH0; Tue, 17 Jul 2001 13:03:55 -0700 
Message-ID: <3B549BAF.D334E139@cyphers.net>
Date: Tue, 17 Jul 2001 13:10:23 -0700
From: Will Price <wprice@cyphers.net>
Reply-To: wprice@cyphers.net
X-Mailer: Mozilla 4.75 (Macintosh; U; PPC)
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>
CC: "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
Subject: Re: [urgent] PGP/MIME IANA considerations: file extensions, Macintosh  file type codes.
References: <20010703114448.C32064@sobolev.does-not-exist.org> <tgae23qs68.fsf@mercury.rus.uni-stuttgart.de>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

The "pgDS" file type is a Detached Signature. The correct file extension
for a detached signature is ".sig". These are ASCII files. They do *not*
use the ".asc" extension.

The "pgPR" file type is a Public Keyring file. The correct file extension
for a Public Keyring file is ".pkr". These are always binary files.

".asc" files sometimes contain keys, and sometimes contain encrypted
and/or signed data -- always in ASCII format. These files have no special
Macintosh file type. The file type for these is the standard "TEXT".

The "pgRR" file type is a Secret Keyring file. The correct file extension
for a Secret Keyring file is ".skr". These are always binary files.

The "pgEF" file type is a PGP encrypted and/or signed file. The correct
file extension for such a file is ".pgp". These are usually binary files,
but not always.



Florian Weimer wrote:
> 
> Excerpt from the current OpenPGP/MIME draft:
> 
> | 9.2.  Registration of the application/pgp-signature media type
> 
> |    Encoding considerations:
> |
> |       The content of this media type always consists of 7bit text.
> 
> |    Additional information:
> |
> |       Magic number(s): none
> |       File extension(s): asc
> |       Macintosh File Type Code(s): pgDS
> 
> | 9.3.  Registration of the application/pgp-keys media type
> 
> |    Encoding considerations:
> |
> |       The content of this media type always consists of 7bit text.
> 
> |    Additional information:
> |
> |       Magic number(s): none
> |       File extension(s): asc
> |       Macintosh File Type Code(s): pgPR
> 
> Doesn't Macintosh PGP (and perhaps other programs as well) store
> binary data in pgDS/pgPR files as well?  That's why I don't think the
> MIME types and Macintosh file types are equivalent.


-- 

Will Price, Director of Engineering
PGP Security, Inc.
a division of Network Associates, Inc.


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f6HJLwR11810 for ietf-openpgp-bks; Tue, 17 Jul 2001 12:21:58 -0700 (PDT)
Received: from mercury.rus.uni-stuttgart.de (mercury.rus.uni-stuttgart.de [129.69.1.226]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6HJLvq11806 for <ietf-openpgp@imc.org>; Tue, 17 Jul 2001 12:21:57 -0700 (PDT)
Received: from rusfw by mercury.rus.uni-stuttgart.de with local (Exim 3.22 #1) id 15MaNz-000242-00 for ietf-openpgp@imc.org; Tue, 17 Jul 2001 21:19:59 +0200
To: "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
Subject: Re: [urgent] PGP/MIME IANA considerations: file extensions, Macintosh file type codes.
References: <20010703114448.C32064@sobolev.does-not-exist.org>
From: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>
Date: 17 Jul 2001 21:19:59 +0200
In-Reply-To: <20010703114448.C32064@sobolev.does-not-exist.org> (Thomas Roessler's message of "Tue, 3 Jul 2001 11:44:48 +0200")
Message-ID: <tgae23qs68.fsf@mercury.rus.uni-stuttgart.de>
Lines: 34
User-Agent: Gnus/5.090001 (Oort Gnus v0.01) Emacs/20.7
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Excerpt from the current OpenPGP/MIME draft:

| 9.2.  Registration of the application/pgp-signature media type

|    Encoding considerations:
|
|       The content of this media type always consists of 7bit text.

|    Additional information:
|
|       Magic number(s): none
|       File extension(s): asc
|       Macintosh File Type Code(s): pgDS

| 9.3.  Registration of the application/pgp-keys media type

|    Encoding considerations:
|
|       The content of this media type always consists of 7bit text.

|    Additional information:
|
|       Magic number(s): none
|       File extension(s): asc
|       Macintosh File Type Code(s): pgPR

Doesn't Macintosh PGP (and perhaps other programs as well) store
binary data in pgDS/pgPR files as well?  That's why I don't think the
MIME types and Macintosh file types are equivalent.

-- 
Florian Weimer 	                  Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898


Received: by above.proper.com (8.11.3/8.11.3) id f6GNBKL29024 for ietf-openpgp-bks; Mon, 16 Jul 2001 16:11:20 -0700 (PDT)
Received: from merrymeet.com (iMac@merrymeet.com [63.73.97.162]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6GNBHq29013 for <ietf-openpgp@imc.org>; Mon, 16 Jul 2001 16:11:17 -0700 (PDT)
Received: from [63.73.97.180] (64.69.113.115) by merrymeet.com with ESMTP (Eudora Internet Mail Server 3.0.3); Mon, 16 Jul 2001 16:11:10 -0700
Mime-Version: 1.0
X-Sender: jon@63.73.97.162
Message-Id: <p0510030ab7792489778c@[63.73.97.180]>
In-Reply-To: <20010717002003.A1161@blank.pages.de>
References: <20010717002003.A1161@blank.pages.de>
Date: Mon, 16 Jul 2001 16:10:54 -0700
To: Ingo Luetkebohle <ingo@blank.pages.de>, ietf-openpgp@imc.org
From: Jon Callas <jon@callas.org>
Subject: Re: Attribute certificates
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

At 12:20 AM +0200 7/17/01, Ingo Luetkebohle wrote:
>Hi,
>
>has there been discussion of specifying something like X.509 attribute
>certificates for PGP? Basically, an attribute certificate is a
>certification that some arbitrary association holds for the key
>owner. E.g., it could be used to certify membership to some group or
>to express other information about the key owner.
>

Yes. The Standalone Signatures and Notation signature subpackets are
designed precisely to set up the sort of arbitrary associations that you're
looking for. But also, notations can be used in other signatures to put in
information like group membership and so on.

	Jon


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f6GMH4227840 for ietf-openpgp-bks; Mon, 16 Jul 2001 15:17:04 -0700 (PDT)
Received: from mail.arcor-ip.de (mail.arcor-ip.de [145.253.2.10] (may be forged)) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6GMH2q27836 for <ietf-openpgp@imc.org>; Mon, 16 Jul 2001 15:17:03 -0700 (PDT)
Received: from localhost (212.144.246.111) by mail.arcor-ip.de (5.5.034) id 3B4F0EFE00067B8F for ietf-openpgp@imc.org; Tue, 17 Jul 2001 00:16:49 +0200
Received: by localhost (Postfix, from userid 500) id 578C018; Tue, 17 Jul 2001 00:20:03 +0200 (CEST)
Date: Tue, 17 Jul 2001 00:20:03 +0200
From: Ingo Luetkebohle <ingo@blank.pages.de>
To: ietf-openpgp@imc.org
Subject: Attribute certificates
Message-ID: <20010717002003.A1161@blank.pages.de>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="sdtB3X0nJg68CQEu"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Organization: Maybe when I grow up
X-URL: http://blank.pages.de/
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

--sdtB3X0nJg68CQEu
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi,

has there been discussion of specifying something like X.509 attribute
certificates for PGP? Basically, an attribute certificate is a
certification that some arbitrary association holds for the key
owner. E.g., it could be used to certify membership to some group or
to express other information about the key owner.

Regards

-- 
	Ingo Luetkebohle / ingo@blank.pages.de / 95428014
/
| Student of Computational Linguistics & Computer Science;
| Fargonauten.DE sysadmin; Gimp Registry maintainer;
| FP: 3187 4DEC 47E6 1B1E 6F4F  57D4 CD90 C164 34AD CE5B

--sdtB3X0nJg68CQEu
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE7U2iTzZDBZDStzlsRAdqFAJ4vf/HpF6q805nsNvhTumIwC96ZdgCgs0jr
+R/HLboaYbVht2cVGHO4FAo=
=HT9k
-----END PGP SIGNATURE-----

--sdtB3X0nJg68CQEu--


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f66AokN00160 for ietf-openpgp-bks; Fri, 6 Jul 2001 03:50:46 -0700 (PDT)
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f66Aoim00156 for <ietf-openpgp@imc.org>; Fri, 6 Jul 2001 03:50:44 -0700 (PDT)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA25773; Fri, 6 Jul 2001 06:49:59 -0400 (EDT)
Message-Id: <200107061049.GAA25773@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-openpgp@imc.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-openpgp-mime-07.txt
Date: Fri, 06 Jul 2001 06:49:59 -0400
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the An Open Specification for Pretty Good Privacy Working Group of the IETF.

	Title		: MIME Security with OpenPGP
	Author(s)	: M. Elkins, D. Del Torto, R. Levien, T. Roessler
	Filename	: draft-ietf-openpgp-mime-07.txt
	Pages		: 15
	Date		: 05-Jul-01
	
This document describes how the OpenPGP Message Format [1] can be
used to provide privacy and authentication using the Multipurpose
Internet Mail Extensions (MIME) security content types described in
RFC1847 [2].
This draft is being discussed on the 'ietf-openpgp' mailing list.  To
join the list, send a message to <ietf-openpgp-request@imc.org> with
the single word 'subscribe' in the subject.  An archive of the
working group's list is located at <http://www.imc.org/ietf-openpgp>.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-openpgp-mime-07.txt

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-openpgp-mime-07.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html 
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt


Internet-Drafts can also be obtained by e-mail.

Send a message to:
	mailserv@ietf.org.
In the body type:
	"FILE /internet-drafts/draft-ietf-openpgp-mime-07.txt".
	
NOTE:	The mail server at ietf.org can return the document in
	MIME-encoded form by using the "mpack" utility.  To use this
	feature, insert the command "ENCODING mime" before the "FILE"
	command.  To decode the response(s), you will need "munpack" or
	a MIME-compliant mail reader.  Different MIME-compliant mail readers
	exhibit different behavior, especially when dealing with
	"multipart" MIME messages (i.e. documents which have been split
	up into multiple messages), so check your local documentation on
	how to manipulate these messages.
		
		
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.

--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"

--OtherAccess
Content-Type: Message/External-body;
	access-type="mail-server";
	server="mailserv@ietf.org"

Content-Type: text/plain
Content-ID:	<20010705113750.I-D@ietf.org>

ENCODING mime
FILE /internet-drafts/draft-ietf-openpgp-mime-07.txt

--OtherAccess
Content-Type: Message/External-body;
	name="draft-ietf-openpgp-mime-07.txt";
	site="ftp.ietf.org";
	access-type="anon-ftp";
	directory="internet-drafts"

Content-Type: text/plain
Content-ID:	<20010705113750.I-D@ietf.org>

--OtherAccess--

--NextPart--




Received: by above.proper.com (8.11.3/8.11.3) id f65MQuR26324 for ietf-openpgp-bks; Thu, 5 Jul 2001 15:26:56 -0700 (PDT)
Received: from smtp1.nikoma.de (smtp1.nikoma.de [212.122.128.19]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f65MQsm26315 for <ietf-openpgp@imc.org>; Thu, 5 Jul 2001 15:26:54 -0700 (PDT)
Received: from sobolev.does-not-exist.org (dialin47.pg4-nt.dusseldorf.nikoma.de [213.54.99.47]) by smtp1.nikoma.de (8.9.3/8.9.3) with ESMTP id AAA19339; Fri, 6 Jul 2001 00:26:51 +0200 (CEST) (envelope-from roessler@does-not-exist.org)
Received: by sobolev.does-not-exist.org (Postfix, from userid 1000) id A0F622ED15; Fri,  6 Jul 2001 00:25:55 +0200 (CEST)
Date: Fri, 6 Jul 2001 00:25:55 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: John W Noerenberg II <jwn2@qualcomm.com>
Cc: Marshall Clow <mclow@owl.csusm.edu>, "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
Subject: Re: [urgent] PGP/MIME IANA considerations: file extensions, Macintosh file type codes.
Message-ID: <20010706002555.A23829@sobolev.does-not-exist.org>
Mail-Followup-To: John W Noerenberg II <jwn2@qualcomm.com>, Marshall Clow <mclow@owl.csusm.edu>, "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
References: <20010703114448.C32064@sobolev.does-not-exist.org> <p05001903b767a7edeb15@[192.168.16.5]> <a0510030cb76a8baed6d7@[129.46.76.217]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
In-Reply-To: <a0510030cb76a8baed6d7@[129.46.76.217]>
User-Agent: Mutt/1.3.19i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 2001-07-05 15:06:41 -0700, John W Noerenberg II wrote:

>>(Macintosh) PGP Encrypted file:		pgEF

>This needs to be added to 9.1.  

No.

>It's possible that a UA will write the encrypted data to a file. 
>It's helpful for Mac files to have the right type.  It certainly 
>isn't harmful to the document to add it.

The encrypted data is in an application/octet-stream body part 
(which is the second part of a multipart/encrypted), not in 
application/pgp-encrypted.  application/pgp-encrypted is the first 
part of a multipart/encrypted, which is supposed to hold meta 
information about the encrypted data.  With PGP/MIME, that's just a 
dummy, containing the character string "Version: 1".

See also section 4, and the example on page 5 of the draft.

-- 
Thomas Roessler                        http://log.does-not-exist.org/
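
The two-part layout described in the message above, as an added example (not code from the draft or from any poster): a check that a message follows it and that the ciphertext is taken from the second part. The sample messages are constructed, the function names are hypothetical, and the `protocol` parameter check assumes the multipart/encrypted convention of RFC 1847.

```python
from email import message_from_bytes


def build_sample(first_type, first_body, second_type, second_body):
    """Assemble a constructed two-part multipart/encrypted message."""
    return (
        "Mime-Version: 1.0\n"
        'Content-Type: multipart/encrypted; boundary="constructed";\n'
        ' protocol="application/pgp-encrypted"\n'
        "\n"
        "--constructed\n"
        f"Content-Type: {first_type}\n\n{first_body}\n"
        "--constructed\n"
        f"Content-Type: {second_type}\n\n{second_body}\n"
        "--constructed--\n"
    ).encode("ascii")


# Constructed placeholder body, not real ciphertext.
PLACEHOLDER = ("-----BEGIN PGP MESSAGE-----\n\n"
               "(constructed placeholder, not real ciphertext)\n"
               "-----END PGP MESSAGE-----\n")

# Correct order: control part first, encrypted data second.
SAMPLE_OK = build_sample("application/pgp-encrypted", "Version: 1\n",
                         "application/octet-stream", PLACEHOLDER)
# Malformed: the data sits where the control part belongs.
SAMPLE_SWAPPED = build_sample("application/octet-stream", PLACEHOLDER,
                              "application/pgp-encrypted", "Version: 1\n")


def check_pgp_mime_encrypted(raw):
    """Return (ciphertext bytes or None, list of structural problems)."""
    msg = message_from_bytes(raw)
    if msg.get_content_type() != "multipart/encrypted":
        return None, ["top level is not multipart/encrypted"]

    problems = []
    protocol = msg.get_param("protocol")
    if not isinstance(protocol, str) or \
            protocol.lower() != "application/pgp-encrypted":
        problems.append("protocol parameter is not application/pgp-encrypted")

    parts = msg.get_payload()
    if not isinstance(parts, list) or len(parts) != 2:
        return None, problems + ["expected exactly two body parts"]
    control, data = parts

    # Part 1 only carries meta information: the string "Version: 1".
    if control.get_content_type() != "application/pgp-encrypted":
        problems.append("first part is %s, not application/pgp-encrypted"
                        % control.get_content_type())
    else:
        body = control.get_payload(decode=True) or b""
        if b"Version: 1" not in [line.strip() for line in body.splitlines()]:
            problems.append('control part lacks "Version: 1"')

    # Part 2 holds the OpenPGP data a user agent might write to a file.
    if data.get_content_type() != "application/octet-stream":
        problems.append("second part is %s, not application/octet-stream"
                        % data.get_content_type())

    if problems:
        return None, problems
    return data.get_payload(decode=True), problems


if __name__ == "__main__":
    for name, raw in (("ok", SAMPLE_OK), ("swapped", SAMPLE_SWAPPED)):
        ciphertext, problems = check_pgp_mime_encrypted(raw)
        print(name, "->", problems or "%d octets of OpenPGP data" % len(ciphertext))
```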


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f65M6rX25943 for ietf-openpgp-bks; Thu, 5 Jul 2001 15:06:53 -0700 (PDT)
Received: from mage.qualcomm.com (mage.qualcomm.com [129.46.65.64]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f65M6mm25939 for <ietf-openpgp@imc.org>; Thu, 5 Jul 2001 15:06:52 -0700 (PDT)
Received: from [129.46.76.217] (dhcp114.qualcomm.com [129.46.76.217]) by mage.qualcomm.com (8.11.3/8.11.3/1.0) with ESMTP id f65M6mK11807; Thu, 5 Jul 2001 15:06:48 -0700 (PDT)
Mime-Version: 1.0
X-Sender: jwn2@mage.qualcomm.com
Message-Id: <a0510030cb76a8baed6d7@[129.46.76.217]>
In-Reply-To: <p05001903b767a7edeb15@[192.168.16.5]>
References: <20010703114448.C32064@sobolev.does-not-exist.org> <p05001903b767a7edeb15@[192.168.16.5]>
X-Mailer: eudora51-0525011202
X-PGP-RSA-Fingerprint: EA53 01A6 C076 F9C2  09E8 9480 645A 8857
X-PGP-DH-Fingerprint: 4F5E 56C9 BD4D 0227 331F 6AEE 9590 24F9 6FD7 04F8
Date: Thu, 5 Jul 2001 15:06:41 -0700
To: Thomas Roessler <roessler@does-not-exist.org>
From: John  W Noerenberg II <jwn2@qualcomm.com>
Subject: Re: [urgent] PGP/MIME IANA considerations: file extensions,  Macintosh file type codes.
Cc: Marshall Clow <mclow@owl.csusm.edu>, "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

At 9:53 AM -0700 7/3/01, Marshall Clow wrote:
>(Macintosh) PGP Encrypted file:		pgEF

This needs to be added to 9.1.  It's possible that a UA will write 
the encrypted data to a file.  It's helpful for Mac files to have the 
right type.  It certainly isn't harmful to the document to add it.

-- 
john noerenberg
jwn2@qualcomm.com
   --------------------------------------------------------------------
   There is no illusion more dangerous than the belief that the
   progress of science is predictable.
   -- Freeman Dyson, "Six Cautionary Tales for Scientists", 1988
   --------------------------------------------------------------------


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f63Grip22571 for ietf-openpgp-bks; Tue, 3 Jul 2001 09:53:44 -0700 (PDT)
Received: from gateway.idio.com (cx45287-a.pwy1.sdca.home.com [24.0.170.105]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f63Grgm22567 for <ietf-openpgp@imc.org>; Tue, 3 Jul 2001 09:53:42 -0700 (PDT)
Received: from [192.168.16.5] (burns.idio.com [192.168.16.5]) by gateway.idio.com (Postfix) with ESMTP id 5FBA2192D; Tue,  3 Jul 2001 16:53:39 +0000 (GMT)
Mime-Version: 1.0
X-Sender: mclow@owl.csusm.edu (Unverified)
Message-Id: <p05001903b767a7edeb15@[192.168.16.5]>
In-Reply-To: <20010703114448.C32064@sobolev.does-not-exist.org>
References: <20010703114448.C32064@sobolev.does-not-exist.org>
Date: Tue, 3 Jul 2001 09:53:39 -0700
To: Thomas Roessler <roessler@does-not-exist.org>
From: Marshall Clow <mclow@owl.csusm.edu>
Subject: Re: [urgent] PGP/MIME IANA considerations: file extensions, Macintosh file type codes.
Cc: "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

>IESG requests that we add an IANA consideration section to the PGP/MIME text.
>
>This section should also contain indications of file extensions and Macintosh file type codes to be used for the media types we define.
>
>I suppose that we should list none for application/pgp-encrypted, and .asc as the file extension for application/pgp-signature and application/pgp-keys.  However, what are the Macintosh File Type Codes to be used for the latter two media types?

PGP 7.03 uses the following types:

PGP Encrypted file:		pgEF
Detached Signature:		pgDS
Public Key Files:		pgPR
Secret Key Files:		pgRR
-- 
-- Marshall

Marshall Clow     Idio Software   <mailto:marshall@idio.com>

Warning: Objects in calendar are closer than they appear.


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f639k9c07252 for ietf-openpgp-bks; Tue, 3 Jul 2001 02:46:09 -0700 (PDT)
Received: from smtp2.nikoma.de (smtp2.nikoma.de [212.122.128.25]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f639k7m07248 for <ietf-openpgp@imc.org>; Tue, 3 Jul 2001 02:46:07 -0700 (PDT)
Received: from sobolev.does-not-exist.org (dialin181.pg4-nt.dusseldorf.nikoma.de [213.54.99.181]) by smtp2.nikoma.de (8.9.3/8.9.3) with ESMTP id LAA84311 for <ietf-openpgp@imc.org>; Tue, 3 Jul 2001 11:45:47 +0200 (CEST) (envelope-from roessler@does-not-exist.org)
Received: by sobolev.does-not-exist.org (Postfix, from userid 1000) id 276762ED15; Tue,  3 Jul 2001 11:44:48 +0200 (CEST)
Date: Tue, 3 Jul 2001 11:44:48 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
Subject: [urgent] PGP/MIME IANA considerations: file extensions, Macintosh file type codes.
Message-ID: <20010703114448.C32064@sobolev.does-not-exist.org>
Mail-Followup-To: "openPGP e-Mail (E-Mail)" <ietf-openpgp@imc.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
User-Agent: Mutt/1.3.19i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

IESG requests that we add an IANA consideration section to the 
PGP/MIME text.

This section should also contain indications of file extensions and 
Macintosh file type codes to be used for the media types we define.

I suppose that we should list none for application/pgp-encrypted, 
and .asc as the file extension for application/pgp-signature and 
application/pgp-keys.  However, what are the Macintosh File Type 
Codes to be used for the latter two media types?

Please reply ASAP.

-- 
Thomas Roessler                        http://log.does-not-exist.org/


Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f62KbW614760 for ietf-openpgp-bks; Mon, 2 Jul 2001 13:37:32 -0700 (PDT)
Received: from xfw.transarc.ibm.com (xfw.transarc.ibm.com [192.54.226.51]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f62KbMm14743 for <ietf-openpgp@imc.org>; Mon, 2 Jul 2001 13:37:30 -0700 (PDT)
Received: from mailhost.transarc.ibm.com (mailhost.transarc.ibm.com [9.38.192.124]) by xfw.transarc.ibm.com (AIX4.3/UCB 8.7/8.7) with ESMTP id QAA25838 for <ietf-openpgp@imc.org>; Mon, 2 Jul 2001 16:30:04 -0400 (EDT)
Received: from mwyoung (dhcp-197-83.transarc.ibm.com [9.38.197.83]) by mailhost.transarc.ibm.com (8.8.0/8.8.0) with SMTP id QAA04272 for <ietf-openpgp@imc.org>; Mon, 2 Jul 2001 16:37:15 -0400 (EDT)
Message-ID: <022801c10336$af8179e0$c23fa8c0@transarc.ibm.com>
From: "Michael Young" <mwy-opgp97@the-youngs.org>
To: <ietf-openpgp@imc.org>
References: <OE57c4Iu1B6gVs1tIzm00000d3a@hotmail.com>
Subject: Re: separation of signed and encrypted pgp mesages into signed pgp messages
Date: Mon, 2 Jul 2001 16:35:51 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

-----BEGIN PGP SIGNED MESSAGE-----

>There was a recent paper,
> <http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html>
> describing a flaw in the sign and encrypt function of Open PGP.

Despite the gratuitously over-hyped title, the paper does make it
clear that the "flaw" is one of understanding.  In particular, it is
necessary to understand *what* is being signed, and for many systems,
it is *only* the message body.  Unsigned material, including headers
(sender, receiver, and what-not), can be changed.  If you want clear
identities (or other context) in the signed text, you need to put
them there.

Yes, some products gloss over the details.  PGP, for instance,
labels the function "Encrypt&Sign" when it really works in the
other order.

> the author assumes that it is possible for the recipient
> to strip off the encryption from a signed and encrypted pgp message, 
> leaving only a verified signed message,
> and that the ability to do this is ensured in the Open PGP Standard

Yes.  This *can* be a desirable feature.  If you don't like it, you
can: (a) include enough context in the signed material; and/or, (b)
manually encrypt, then sign (but as the paper points out, doing so
without context offers only marginally different protection).  I'd be
more than happy for end-user agents to offer to do one or both.  I
would not be happy with the specification mandating particular agent
behavior -- it does not appear to mandate sign-then-encrypt now.

> {afaik} this can be done in pgp only when both the receiver and sender are
> using RSA keys, 

No.  The specification does not tie packet composition to the type
of key used.  [But in practice: newer PGP versions that support DSA/DH
keys also support one-pass signatures, so they may have extra packets,
but this has no bearing on the "problem" at hand.]

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

-----END PGP SIGNATURE-----




Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f62IODo02830 for ietf-openpgp-bks; Mon, 2 Jul 2001 11:24:13 -0700 (PDT)
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f62IOBm02821 for <ietf-openpgp@imc.org>; Mon, 2 Jul 2001 11:24:11 -0700 (PDT)
Received: from [63.73.97.180] (64.69.113.115) by merrymeet.com with ESMTP (Eudora Internet Mail Server 3.0.3); Mon, 2 Jul 2001 11:23:56 -0700
Mime-Version: 1.0
X-Sender: jon@63.73.97.162
Message-Id: <p05100319b76667910158@[63.73.97.180]>
In-Reply-To: <OE57c4Iu1B6gVs1tIzm00000d3a@hotmail.com>
References: <OE57c4Iu1B6gVs1tIzm00000d3a@hotmail.com>
Date: Mon, 2 Jul 2001 11:15:39 -0700
To: "vedaal" <vedaal@hotmail.com>, <ietf-openpgp@imc.org>
From: Jon Callas <jon@callas.org>
Subject: Re: separation of signed and encrypted pgp mesages into signed pgp messages
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

At 1:15 PM -0400 7/2/01, vedaal wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>There was a recent paper,
><http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html>
>describing a flaw in the sign and encrypt function of Open PGP.
>

Well, while this is an interesting paper, it doesn't really describe a
cryptographic problem at all, it describes a semantic problem.

The problems he outlines don't require encryption, they all work equally
well with clear-signed messages, and as someone else pointed out probably
work just fine with unsigned messages for the simple reason that if someone
sends bare text, people tend to believe its authenticity.

>the author assumes that it is possible for the recipient
>to strip off the encryption from a signed and encrypted pgp message,
>leaving only a verified signed message,
>and that the ability to do this is ensured in the Open PGP Standard
>
>{afaik} this can be done in pgp only when both the receiver and sender are
>using RSA keys,
>

OpenPGP describes that a message is signed, and then the bundle of the
plaintext and signature are encrypted. So yes, it's certainly possible for
someone to decrypt a message and you then have in your hands a signed
message. It does *not* matter what key type it is; the packet formats are
the same no matter what the key type.

>{can be done only from 2.6.x with the simple one step command:
> pgp -da(filename)
>which will leave an armored signed message in text form, with a signature
>that verifies in any version of pgp
>
>cannot be done in later command line versions of pgp, as the -d command,
>will just decrypt, and not leave a signature,
>the -b command will do the same.}
>
>the people at sci.crypt seem to feel that as long as the program conforms
>to pgp standards, such a separation is *do-able* for any key type, even if a
>custom program must be written to do this.
>
>
>does anyone know of any way that this separation can be done for a message
>signed and encrypted with a DH/dss key,
>with pgp, gpg or any other program, and, is it, in-fact, guaranteed by the
>Open PGP Standard, that it 'must' be so?
>

Take a look at the RFC. Look in particular at Section 10.2. There's nothing
in there that specifies what the key type is.

	Jon


