From owner-ietf-openpgp@mail.imc.org Wed Jan 22 10:34:37 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA28096 for ; Wed, 22 Jan 2003 10:34:37 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0MFLqh12540 for ietf-openpgp-bks; Wed, 22 Jan 2003 07:21:52 -0800 (PST) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.183]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0MFLno12536 for ; Wed, 22 Jan 2003 07:21:50 -0800 (PST) Received: from [212.227.126.160] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 18bMhK-0003ma-00 for ietf-openpgp@imc.org; Wed, 22 Jan 2003 16:21:50 +0100 Received: from [62.155.158.172] (helo=coruscant.does-not-exist.org) by mrelayng.kundenserver.de with asmtp (Exim 3.35 #1) id 18bMhJ-0005hx-00 for ietf-openpgp@imc.org; Wed, 22 Jan 2003 16:21:49 +0100 Received: by coruscant.does-not-exist.org (Postfix, from userid 1000) id 1A9962ED25; Wed, 22 Jan 2003 16:21:37 +0100 (CET) Date: Wed, 22 Jan 2003 16:21:36 +0100 From: Thomas Roessler To: ietf-openpgp@imc.org Subject: Standardizing inline PGP for e-mail? Message-ID: <20030122152135.GA17189@coruscant.does-not-exist.org> Mail-Followup-To: ietf-openpgp@imc.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.3i Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: It seems like inline PGP messages just can't be eradicated, despite all the PGP/MIME we have. I'm wondering if it would be reasonable to produce an RFC on (1) how to tag this on the MIME level, and (2) how to avoid character set problems. Here's the simple proposal (in rough words), as currently implemented in the Mutt mail user agent. 1. Inline PGP messages use text/plain as their MIME type. Inline PGP material is announced in an additional MIME parameter (we call it x-action right now), which can take the values "pgp-encrypt", "pgp-sign". 2. Clearsigned messages are converted to UTF-8 before they are signed and sent. Since UTF-8 is OpenPGP's standard text character set, there is no Charset armor header. The MIME charset header is set to utf-8 as well. 3. Encrypted messages are likewise converted to UTF-8 before they are passed to OpenPGP. Once again, there is no Charset header on the ASCII armor. However, on the MIME level, the message will be us-ascii -- we're using ASCII armor. What's gained by this? You don't have to look at the contents of body parts in order to identify PGP material, which saves you a lot of time. You don't have the complications with non-compliant mail user agents which are caused by content types like application/pgp. You avoid character set conversion confusions. If there is any interest in documenting this as an RFC, I'd be willing to do the drafting. Regards, -- Thomas Roessler From owner-ietf-openpgp@mail.imc.org Wed Jan 22 12:55:27 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA02314 for ; Wed, 22 Jan 2003 12:55:26 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0MHi0V19916 for ietf-openpgp-bks; Wed, 22 Jan 2003 09:44:00 -0800 (PST) Received: from mauve.mrochek.com (mauve.mrochek.com [209.55.107.55]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0MHhxo19912 for ; Wed, 22 Jan 2003 09:43:59 -0800 (PST) Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01KRI9YI897K00AE20@mauve.mrochek.com> for ietf-openpgp@imc.org; Wed, 22 Jan 2003 09:43:59 -0800 (PST) Date: Wed, 22 Jan 2003 09:31:56 -0800 (PST) From: ned.freed@mrochek.com Subject: Re: Standardizing inline PGP for e-mail? In-reply-to: "Your message dated Wed, 22 Jan 2003 16:21:36 +0100" <20030122152135.GA17189@coruscant.does-not-exist.org> To: Thomas Roessler Cc: ietf-openpgp@imc.org Message-id: <01KRJ4SVE10G00AE20@mauve.mrochek.com> MIME-version: 1.0 Content-type: TEXT/PLAIN; CHARSET=us-ascii Content-transfer-encoding: 7BIT References: <20030122152135.GA17189@coruscant.does-not-exist.org> Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Content-Transfer-Encoding: 7BIT > It seems like inline PGP messages just can't be eradicated, despite > all the PGP/MIME we have. I'm wondering if it would be reasonable > to produce an RFC on (1) how to tag this on the MIME level, and (2) > how to avoid character set problems. > Here's the simple proposal (in rough words), as currently > implemented in the Mutt mail user agent. > 1. Inline PGP messages use text/plain as their MIME type. Inline > PGP material is announced in an additional MIME parameter (we call > it x-action right now), which can take the values "pgp-encrypt", > "pgp-sign". Such usage clearly violates RFC 2046 section 4.1.3, which states that text/plain is intended for material that isn't formatted in any way: Plain text is intended to be displayed "as-is", that is, no interpretation of embedded formatting commands, font attribute specifications, processing instructions, interpretation directives, or content markup should be necessary for proper display It also violates the intended use of media type parameters, which are supposed to qualify the format being used rather than identifying it. Format identification is supposed to be done by the media type. Additionally, your typical user agent is far better equipped to dispatch off a media subtype than it is to dispatch on a media type parameter value. Finally, situations exist in non-IETF standards where media types are used without allowing for media type parameters. (That such a situation has come into being is unfortunate, but not something we can do anything about.) This is a total nonstarter IMO. Use of a subtype other than text is a possibility, assuming of course that the idea itself holds water. > 2. Clearsigned messages are converted to UTF-8 before they are > signed and sent. Since UTF-8 is OpenPGP's standard text character > set, there is no Charset armor header. The MIME charset header is > set to utf-8 as well. Sounds fine, but it begs the question of why, if you're going to introduce a major operationaal change to how PGP signs things, you don't just change to generating multipart/signed. > 3. Encrypted messages are likewise converted to UTF-8 before they > are passed to OpenPGP. Once again, there is no Charset header on > the ASCII armor. However, on the MIME level, the message will be > us-ascii -- we're using ASCII armor. Again, a separate media type is going to be needed. Ned From owner-ietf-openpgp@mail.imc.org Wed Jan 22 14:25:39 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA04148 for ; Wed, 22 Jan 2003 14:25:38 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0MJCEh22616 for ietf-openpgp-bks; Wed, 22 Jan 2003 11:12:14 -0800 (PST) Received: from fnord.ir.bbn.com (FNORD.IR.BBN.com [192.1.100.210]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0MJCDo22612 for ; Wed, 22 Jan 2003 11:12:13 -0800 (PST) Received: by fnord.ir.bbn.com (Postfix, from userid 10853) id 3B11B3F34; Wed, 22 Jan 2003 14:12:15 -0500 (EST) To: Thomas Roessler Cc: ietf-openpgp@imc.org Subject: Re: Standardizing inline PGP for e-mail? References: <20030122152135.GA17189@coruscant.does-not-exist.org> From: Greg Troxel Date: 22 Jan 2003 14:12:14 -0500 In-Reply-To: Thomas Roessler's message of "Wed, 22 Jan 2003 16:21:36 +0100" Message-ID: Lines: 27 X-Mailer: Gnus v5.7/Emacs 20.7 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: I'm not very clueful about MIME and I18N, so I post with some trepidation. Given Ned's comments, how about "text/openpgp"? This would specify the type of the content in the type, and whether the contents are a key block, encrypted message, signed message, or clearsigned message is already in the contents. It sounds like for messages which are in ASCII, the conversion to UTF-8 is a no-op. To me, part of the point of backwards compatibility is ensuring that an MUA can deal with incoming messages of the form that have been commonly sent for years. emacs/mh-e/mailcrypt, for example, does not insert any MIME headers at all. So, it seems an MUA has to scan a text/plain or a non-MIME message for PGP headers, and process it if they are present. Having messages tagged as the standard would make it reasonable to make this either an explicit user command to process untagged messages or an option that could be defaulted to off. I suppose it all comes down to one's opinion on whether it is reasonable to send PGP with a non-MIME-aware MUA. I do this all the time, and think it is a reasonable thing to want to do. (Opinions on a mh-e/RMAIL style interface that does PGP/MIME nicely are welcome offlist.) Greg Troxel From owner-ietf-openpgp@mail.imc.org Wed Jan 22 14:48:32 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA04768 for ; Wed, 22 Jan 2003 14:48:31 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0MJW4C23663 for ietf-openpgp-bks; Wed, 22 Jan 2003 11:32:04 -0800 (PST) Received: from xfw.transarc.ibm.com (xfw.transarc.ibm.com [192.54.226.51]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0MJW2o23658 for ; Wed, 22 Jan 2003 11:32:02 -0800 (PST) Received: from mailhost.transarc.ibm.com (mailhost.transarc.ibm.com [9.38.192.124]) by xfw.transarc.ibm.com (AIX4.3/UCB 8.7/8.7) with ESMTP id OAA62336 for ; Wed, 22 Jan 2003 14:16:46 -0500 (EST) Received: from mwyoung (dhcp-193-40.transarc.ibm.com [9.38.193.240]) by mailhost.transarc.ibm.com (8.8.0/8.8.0) with SMTP id OAA01953 for ; Wed, 22 Jan 2003 14:31:58 -0500 (EST) Message-ID: <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> From: "Michael Young" To: References: <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> Subject: Re: Standardizing inline PGP for e-mail? Date: Wed, 22 Jan 2003 14:30:48 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I use mail agents that are PGP/MIME-naive (including one that is MIME-aware, but that makes PGP/MIME messages painful to read), so I'm generally appreciative of what Thomas is trying to do here. But, I'll admit I'm not a MIME specification expert. Quotes are from , > and "Thomas Roessler" > > It seems like inline PGP messages just can't be eradicated, despite > > all the PGP/MIME we have. I'm wondering if it would be reasonable > > to produce an RFC on (1) how to tag this on the MIME level, and (2) > > how to avoid character set problems. This only seems useful if you convince *forward-looking* user agents to adopt it, for the benefit of those using naive user agents. That seems unlikely, as many of them have picked up on PGP/MIME, and would view this as a step backwards. But I'm happy for you to write it up. Those of us using naive user agents will continue to clearsign by hand. (I'm in no position to inject any MIME tags manually.) > Such usage clearly violates RFC 2046 section 4.1.3, which states > that text/plain is intended for material that isn't formatted in any way: Based on my reading of the RFC excerpt that Ned provided, I disagree, for clearsigned messages. No interpretation is *necessary* for proper display -- an agent can simply show the whole mess. (The MIME charset header would apply, I presume.) > Sounds fine, but it begs the question of why, if you're going to introduce a > major operationaal change to how PGP signs things, you don't just change to > generating multipart/signed. It seems that the point is to use a simple MIME type that can be displayed by PGP/MIME-naive agents, or that are acceptable in places that discourage complicated MIME messages (like some newsgroups and mailing lists). Switching to yet another MIME multipart scheme won't help. (I also wouldn't call this an operational change to how PGP signs things -- the actual signing doesn't change. We're simply talking about the MIME wrapping done by the mail user agent.) > > 3. Encrypted messages are likewise converted to UTF-8 before they > > are passed to OpenPGP. Once again, there is no Charset header on > > the ASCII armor. However, on the MIME level, the message will be > > us-ascii -- we're using ASCII armor. Here, it may be fair to argue that this violates the plain/text guidelines. But, what's the harm, if that's what I really want my agent to do in order to make (some of) my recipients happy? Since some agents are going to do this technically-non-compliant thing, Thomas is simply trying to reach agreement on how they do it. -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQA/AwUBPi7xS+c3iHYL8FknEQK/IgCgtOsOhHSyqW3sHsWtKvW/cMI2eyAAn26C PrBeAm2691JS85PBq3+wkcnE =auuv -----END PGP SIGNATURE----- From owner-ietf-openpgp@mail.imc.org Wed Jan 22 16:59:29 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA09057 for ; Wed, 22 Jan 2003 16:59:29 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0MLa6Y28606 for ietf-openpgp-bks; Wed, 22 Jan 2003 13:36:06 -0800 (PST) Received: from mauve.mrochek.com (mauve.mrochek.com [209.55.107.55]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0MLa5o28602 for ; Wed, 22 Jan 2003 13:36:05 -0800 (PST) Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01KRJCAQ6VBK002DEU@mauve.mrochek.com> for ietf-openpgp@imc.org; Wed, 22 Jan 2003 13:36:06 -0800 (PST) Date: Wed, 22 Jan 2003 13:29:07 -0800 (PST) From: ned.freed@mrochek.com Subject: Re: Standardizing inline PGP for e-mail? In-reply-to: "Your message dated Wed, 22 Jan 2003 14:30:48 -0500" <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> To: Michael Young Cc: ietf-openpgp@imc.org Message-id: <01KRJCWNQOIK002DEU@mauve.mrochek.com> MIME-version: 1.0 Content-type: TEXT/PLAIN; charset=iso-8859-1 Content-transfer-encoding: 7BIT References: <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Content-Transfer-Encoding: 7BIT > > Such usage clearly violates RFC 2046 section 4.1.3, which states > > that text/plain is intended for material that isn't formatted in any way: > Based on my reading of the RFC excerpt that Ned provided, I disagree, > for clearsigned messages. No interpretation is *necessary* for > proper display -- an agent can simply show the whole mess. > (The MIME charset header would apply, I presume.) This sure sounds like sophistry to me. And as it happens I'm the one who wrote this text. I can assure you that the intent was to ban the use of text/plain for formatted materials. This was the consensus at the time, and subsequent abuse of the type have if anything strengthened the validity of this take on things. > Switching to yet another MIME multipart scheme won't help. I never suggested any such thing. What I suggest was a different subtype of text. Ned From owner-ietf-openpgp@mail.imc.org Wed Jan 22 18:51:58 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA11524 for ; Wed, 22 Jan 2003 18:51:57 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0MNhdQ03213 for ietf-openpgp-bks; Wed, 22 Jan 2003 15:43:39 -0800 (PST) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.177]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0MNhbo03209 for ; Wed, 22 Jan 2003 15:43:37 -0800 (PST) Received: from [212.227.126.161] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 18bUWx-0005xT-00; Thu, 23 Jan 2003 00:43:39 +0100 Received: from [62.155.158.248] (helo=coruscant.does-not-exist.org) by mrelayng.kundenserver.de with asmtp (Exim 3.35 #1) id 18bUWw-0008Vv-00; Thu, 23 Jan 2003 00:43:39 +0100 Received: by coruscant.does-not-exist.org (Postfix, from userid 1000) id ACA9D2ED24; Wed, 22 Jan 2003 23:37:54 +0100 (CET) Date: Wed, 22 Jan 2003 23:37:54 +0100 From: Thomas Roessler To: Michael Young , ned.freed@mrochek.com Cc: ietf-openpgp@imc.org Subject: Re: Standardizing inline PGP for e-mail? Message-ID: <20030122223754.GC26081@coruscant.does-not-exist.org> Mail-Followup-To: Michael Young , ned.freed@mrochek.com, ietf-openpgp@imc.org References: <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <01KRJCWNQOIK002DEU@mauve.mrochek.com> <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <01KRJCWNQOIK002DEU@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> User-Agent: Mutt/1.5.3i Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: On 2003-01-22 14:30:48 -0500, Michael Young wrote: > This only seems useful if you convince *forward-looking* user > agents to adopt it, for the benefit of those using naive user > agents. That seems unlikely, as many of them have picked up on > PGP/MIME, and would view this as a step backwards. But I'm happy > for you to write it up. Maybe I should explain the rationale somewhat more. First of all, with mutt, we generally try to parse things as late as possible -- scanning text/plain for signs of encrypted or signed material is an action which explicitly has to be triggered by the user. From that point of view, having a separate content type is certainly the thing to do. On the other hand, we had lots of complaints when we were using an application/ content type for inline PGP messages (from those who insisted in sending and receiving inline messages). So we were looking for a way to generate inline messages which can (1) be handled by users with pgp-agnostic user agents, and (2) be recognized as PGP-messages early in the parsing process. A MIME parameter for text/plain looked like an easy way to do this. On 2003-01-22 13:29:07 -0800, ned.freed@mrochek.com wrote: > I never suggested any such thing. What I suggest was a different > subtype of text. Thanks for that suggestion. Will look into it. -- Thomas Roessler From owner-ietf-openpgp@mail.imc.org Wed Jan 22 19:06:27 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA11806 for ; Wed, 22 Jan 2003 19:06:26 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0MNuLO03597 for ietf-openpgp-bks; Wed, 22 Jan 2003 15:56:21 -0800 (PST) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.187]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0MNuJo03592 for ; Wed, 22 Jan 2003 15:56:19 -0800 (PST) Received: from [212.227.126.161] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 18bUjF-00065Y-00; Thu, 23 Jan 2003 00:56:21 +0100 Received: from [62.155.158.138] (helo=coruscant.does-not-exist.org) by mrelayng.kundenserver.de with asmtp (Exim 3.35 #1) id 18bUjE-0000Tq-00; Thu, 23 Jan 2003 00:56:21 +0100 Received: by coruscant.does-not-exist.org (Postfix, from userid 1000) id 9CA6F2ED24; Thu, 23 Jan 2003 00:54:31 +0100 (CET) Date: Thu, 23 Jan 2003 00:54:31 +0100 From: Thomas Roessler To: Michael Young , ned.freed@mrochek.com, ietf-openpgp@imc.org Subject: let's look... Re: Standardizing inline PGP for e-mail? Message-ID: <20030122235431.GA28453@coruscant.does-not-exist.org> Mail-Followup-To: Michael Young , ned.freed@mrochek.com, ietf-openpgp@imc.org References: <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <01KRJCWNQOIK002DEU@mauve.mrochek.com> <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <20030122223754.GC26081@coruscant.does-not-exist.org> Mime-Version: 1.0 Content-Type: text/x-pgp; charset=us-ascii; x-action=pgp-signed Content-Disposition: inline In-Reply-To: <20030122223754.GC26081@coruscant.does-not-exist.org> User-Agent: Mutt/1.5.3i Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2003-01-22 23:37:54 +0100, Thomas Roessler wrote: > On 2003-01-22 13:29:07 -0800, ned.freed@mrochek.com wrote: > > I never suggested any such thing. What I suggest was a different > > subtype of text. > Thanks for that suggestion. Will look into it. This message contains inline PGP material tagged as text/x-pgp. I'd be curious to learn what kind of behaviour this causes. In particular, are those whose user agents aren't prepared to handle PGP by default able to display the "raw" clearsigned material without problems? Thanks, and kind regards, - -- Thomas Roessler -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBPi8vN9ImKUTOasbBAQL/iQgAvRAAcl/+s6dv9L3bo6LtJueHoZ3eR5KB iUnq9lAky5KO2cKG+giS7R2MeSSt4/BvWezPWoCyoQjMoJvIWR3+e8sOB3OoFZhU uJ+klrGP6LcXMeV0R1MOJ+pEEHVxEM8rHzcoEwaPkKCECC3WXg0c5R2PXNUO/723 EnV9dgtDo7kxz6WOo8heXlEP/2lSa9ogbTRaBgs4cx+QBBVbAEmTvxmzu1Jbjfg+ /WG/60lERXnnuJN3UE8nJcWMBJJKbacyijf4SaqX6PyknyGAr4FOIG7qguijIjpr OpGHOdNbyadpST9Y7tqDVfH5ubKwTNRvKLjZr2zOT40ipAvWr9fT6A== =CPvZ -----END PGP SIGNATURE----- From owner-ietf-openpgp@mail.imc.org Wed Jan 22 19:07:09 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA11826 for ; Wed, 22 Jan 2003 19:07:08 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0N005L03699 for ietf-openpgp-bks; Wed, 22 Jan 2003 16:00:05 -0800 (PST) Received: from xfw.transarc.ibm.com (xfw.transarc.ibm.com [192.54.226.51]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0N004o03695 for ; Wed, 22 Jan 2003 16:00:04 -0800 (PST) Received: from mailhost.transarc.ibm.com (mailhost.transarc.ibm.com [9.38.192.124]) by xfw.transarc.ibm.com (AIX4.3/UCB 8.7/8.7) with ESMTP id SAA07870 for ; Wed, 22 Jan 2003 18:44:49 -0500 (EST) Received: from mwyoung (dhcp-193-40.transarc.ibm.com [9.38.193.240]) by mailhost.transarc.ibm.com (8.8.0/8.8.0) with SMTP id TAA03330 for ; Wed, 22 Jan 2003 19:00:02 -0500 (EST) Message-ID: <008c01c2c272$2f81ef20$f0c12609@transarc.ibm.com> From: "Michael Young" To: References: <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <01KRJCWNQOIK002DEU@mauve.mrochek.com> Subject: Re: Standardizing inline PGP for e-mail? Date: Wed, 22 Jan 2003 18:58:38 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ned.freed@mrochek.com writes: > This sure sounds like sophistry to me. It wasn't intended as such. The terms in the excerpt strongly suggested display-oriented formatting to me. It is certainly not necessary to display the PGP clearsigned text specially in order to express the appearance that the sender intended. > And as it happens I'm the one who wrote this text. I can assure you that the > intent was to ban the use of text/plain for formatted materials. Thanks. I apologize for my misinterpretation. I really shouldn't have commented on the MIME specification at all. It's not my specialty, as you have made clear. But more importantly, I don't think it's really the point. I don't think that Thomas is trying to claim that this is either ideal or strictly legal. He appears to be documenting an actual implementation of an extra-legal extension to solve a practical problem in the hopes that others would adopt the same solution. The problem involves both non-MIME agents and MIME agents that handle PGP/MIME badly, so it's no surprise that a purely MIME-compliant solution may not be possible. If I have misrepresented Thomas's intentions, perhaps he'll clarify. > I never suggested any such thing. What I suggest was a different > subtype of text. My apologies. Rereading your original note alone, that still isn't clear to me, but that's my fault. Perhaps others can comment on whether their user agents react to text/something-else better than proper PGP/MIME. Separately, "Greg Troxel" writes: > I suppose it all comes down to one's opinion on whether it is > reasonable to send PGP with a non-MIME-aware MUA. I think it's a more a matter of wanting to send PGP-encoded material to *receivers* that don't understand MIME or PGP/MIME, and wanting the best possible display given their limitations, all the while allowing PGP-aware agents to use the extra formatting. -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQA/AwUBPi8wKOc3iHYL8FknEQLs+wCfT4n45rZ2tpWr9j/u7eGx6kwPs9MAnAmD ntkApqtkfAMknBQLKh1R8YhN =YWGs -----END PGP SIGNATURE----- From owner-ietf-openpgp@mail.imc.org Wed Jan 22 19:18:57 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA12113 for ; Wed, 22 Jan 2003 19:18:56 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0N07N103914 for ietf-openpgp-bks; Wed, 22 Jan 2003 16:07:23 -0800 (PST) Received: from xfw.transarc.ibm.com (xfw.transarc.ibm.com [192.54.226.51]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0N07Mo03909 for ; Wed, 22 Jan 2003 16:07:22 -0800 (PST) Received: from mailhost.transarc.ibm.com (mailhost.transarc.ibm.com [9.38.192.124]) by xfw.transarc.ibm.com (AIX4.3/UCB 8.7/8.7) with ESMTP id SAA24624 for ; Wed, 22 Jan 2003 18:52:07 -0500 (EST) Received: from mwyoung (dhcp-193-40.transarc.ibm.com [9.38.193.240]) by mailhost.transarc.ibm.com (8.8.0/8.8.0) with SMTP id TAA03379 for ; Wed, 22 Jan 2003 19:07:19 -0500 (EST) Message-ID: <009b01c2c273$341ae2c0$f0c12609@transarc.ibm.com> From: "Michael Young" To: References: <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <01KRJCWNQOIK002DEU@mauve.mrochek.com> <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <20030122223754.GC26081@coruscant.does-not-exist.org> <20030122235431.GA28453@coruscant.does-not-exist.org> Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? Date: Wed, 22 Jan 2003 19:05:56 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Excellent idea... Your message displays fine in Outlook Express. (Yes, I know it's a noxious agent.) The signature verified fine using PGP6.5's "current window" support. I'll try other agents when I can. -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQA/AwUBPi8xoOc3iHYL8FknEQJjGACdGcb79RZIFSv0zOws+p6+Tg4ry2AAoP5+ 5TezNgsGxb+LaoeGEdnA9kOS =DrFD -----END PGP SIGNATURE----- From owner-ietf-openpgp@mail.imc.org Wed Jan 22 19:37:28 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA12530 for ; Wed, 22 Jan 2003 19:37:26 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0N0ROd04690 for ietf-openpgp-bks; Wed, 22 Jan 2003 16:27:24 -0800 (PST) Received: from conure.mail.pas.earthlink.net (conure.mail.pas.earthlink.net [207.217.120.54]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0N0RNo04685 for ; Wed, 22 Jan 2003 16:27:23 -0800 (PST) Received: from h-69-3-25-159.snvacaid.covad.net ([69.3.25.159] helo=[192.168.1.5]) by conure.mail.pas.earthlink.net with esmtp (Exim 3.33 #1) id 18bVDJ-0002Ye-00 for ietf-openpgp@imc.org; Wed, 22 Jan 2003 16:27:25 -0800 X-Sender: frantz%pwpconsult.com@pop.business.earthlink.net Message-Id: In-Reply-To: <20030122235431.GA28453@coruscant.does-not-exist.org> References: <20030122223754.GC26081@coruscant.does-not-exist.org> <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <01KRJCWNQOIK002DEU@mauve.mrochek.com> <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <20030122223754.GC26081@coruscant.does-not-exist.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Wed, 22 Jan 2003 16:27:26 -0800 To: ietf-openpgp@imc.org From: Bill Frantz Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: At 3:54 PM -0800 1/22/03, Thomas Roessler wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >On 2003-01-22 23:37:54 +0100, Thomas Roessler wrote: > >> On 2003-01-22 13:29:07 -0800, ned.freed@mrochek.com wrote: > >> > I never suggested any such thing. What I suggest was a different >> > subtype of text. > >> Thanks for that suggestion. Will look into it. > >This message contains inline PGP material tagged as text/x-pgp. I'd >be curious to learn what kind of behaviour this causes. In >particular, are those whose user agents aren't prepared to handle >PGP by default able to display the "raw" clearsigned material >without problems? > >Thanks, and kind regards, >- -- >Thomas Roessler >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.2.1 (GNU/Linux) > >iQEVAwUBPi8vN9ImKUTOasbBAQL/iQgAvRAAcl/+s6dv9L3bo6LtJueHoZ3eR5KB >iUnq9lAky5KO2cKG+giS7R2MeSSt4/BvWezPWoCyoQjMoJvIWR3+e8sOB3OoFZhU >uJ+klrGP6LcXMeV0R1MOJ+pEEHVxEM8rHzcoEwaPkKCECC3WXg0c5R2PXNUO/723 >EnV9dgtDo7kxz6WOo8heXlEP/2lSa9ogbTRaBgs4cx+QBBVbAEmTvxmzu1Jbjfg+ >/WG/60lERXnnuJN3UE8nJcWMBJJKbacyijf4SaqX6PyknyGAr4FOIG7qguijIjpr >OpGHOdNbyadpST9Y7tqDVfH5ubKwTNRvKLjZr2zOT40ipAvWr9fT6A== >=CPvZ >-----END PGP SIGNATURE----- My Eudora 3.1 doesn't seem to have a problem with it. On the other hand, I don't see any MIME headers when I view the full message. Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | Sacred cows make the | Periwinkle -- Consulting (408)356-8506 | tastiest hamburgers. | 16345 Englewood Ave. frantz@pwpconsult.com | - David Wagner | Los Gatos, CA 95032, USA From owner-ietf-openpgp@mail.imc.org Wed Jan 22 21:25:40 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA14133 for ; Wed, 22 Jan 2003 21:25:39 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0N2GQ007836 for ietf-openpgp-bks; Wed, 22 Jan 2003 18:16:26 -0800 (PST) Received: from mail1.wiktel.com (mail1.wiktel.com [204.221.145.7]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0N2GOo07832 for ; Wed, 22 Jan 2003 18:16:24 -0800 (PST) Received: from NB1131 (unverified [146.57.166.48]) by wiktel.com (Rockliffe SMTPRA 5.2.5) with ESMTP id ; Wed, 22 Jan 2003 20:16:10 -0600 From: "Richard Laager" To: "'Thomas Roessler'" Cc: Subject: RE: let's look... Re: Standardizing inline PGP for e-mail? Date: Wed, 22 Jan 2003 20:16:30 -0600 Organization: Wikstrom Telecom Internet Message-ID: <000001c2c285$723d15c0$30a63992@umcrookston.edu> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 In-Reply-To: <20030122235431.GA28453@coruscant.does-not-exist.org> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > -----Original Message----- > From: owner-ietf-openpgp@mail.imc.org > [mailto:owner-ietf-openpgp@mail.imc.org] On Behalf Of Thomas > Roessler Sent: Wednesday, January 22, 2003 5:55 PM > To: Michael Young; ned.freed@mrochek.com; ietf-openpgp@imc.org > Subject: let's look... Re: Standardizing inline PGP for e-mail? Things don't look well for Outlook. It displays the message as a text attachment. Richard Laager -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBPi9QfW31OrleHxvOEQIsgQCg4ScEq6vJvqeAPwgzRr1sr5H45z8Anjzs 8/5RNTXz+WfHo1diHrSEQgZG =Fv7q -----END PGP SIGNATURE----- From owner-ietf-openpgp@mail.imc.org Thu Jan 23 01:43:38 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA18802 for ; Thu, 23 Jan 2003 01:43:37 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0N6U7315145 for ietf-openpgp-bks; Wed, 22 Jan 2003 22:30:07 -0800 (PST) Received: from tkrat.org (tkrat.math.chalmers.se [129.16.168.189]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0N6U5o15141 for ; Wed, 22 Jan 2003 22:30:06 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by tkrat.org (Postfix) with ESMTP id 640002FC8; Thu, 23 Jan 2003 07:30:06 +0100 (MET) Date: Thu, 23 Jan 2003 06:55:06 +0100 (CET) From: maf@tkrat.org Reply-To: maf@tkrat.org Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? To: roessler@does-not-exist.org Cc: ietf-openpgp@imc.org MIME-Version: 1.0 Content-Type: TEXT/PLAIN; CHARSET=us-ascii Content-Disposition: INLINE Message-Id: <20030123063006.640002FC8@tkrat.org> Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: On 23 Jan, Thomas Roessler wrote: > This message contains inline PGP material tagged as text/x-pgp. I'd > be curious to learn what kind of behaviour this causes. In > particular, are those whose user agents aren't prepared to handle > PGP by default able to display the "raw" clearsigned material > without problems? TkRat, just shows a blob stating that here is an object of type text/x-pgp and some buttons with different actions. One of the actions is "View as plain text" and selecting that shows the message content. It also recognizes that it is an embedded pgp message and thus gives the option to check the signature. /MaF PS I am the author of TkRat so obviously I am biased:-) From owner-ietf-openpgp@mail.imc.org Thu Jan 23 02:40:23 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA29348 for ; Thu, 23 Jan 2003 02:40:22 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0N7Yng23828 for ietf-openpgp-bks; Wed, 22 Jan 2003 23:34:49 -0800 (PST) Received: from mgo.iij.ad.jp (root@mgo.iij.ad.jp [202.232.15.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0N7Ymo23823 for ; Wed, 22 Jan 2003 23:34:48 -0800 (PST) Received: from ns.iij.ad.jp ([192.168.2.111]) by mgo.iij.ad.jp (8.8.8/MGO1.0) with ESMTP id QAA15681 for ; Thu, 23 Jan 2003 16:34:38 +0900 (JST) Received: from fs.iij.ad.jp (root@fs.iij.ad.jp [192.168.2.9]) by ns.iij.ad.jp (8.8.5/3.5Wpl7) with ESMTP id QAA19001 for ; Thu, 23 Jan 2003 16:34:37 +0900 (JST) Received: from localhost (mine.iij.ad.jp [192.168.4.209]) by fs.iij.ad.jp (8.8.5/3.5Wpl7) with ESMTP id QAA09990 for ; Thu, 23 Jan 2003 16:34:37 +0900 (JST) Date: Thu, 23 Jan 2003 16:32:51 +0900 (JST) Message-Id: <20030123.163251.125127036.kazu@iijlab.net> To: ietf-openpgp@imc.org Subject: Re: Standardizing inline PGP for e-mail? From: Kazu Yamamoto (=?iso-2022-jp?B?GyRCOzNLXE9CSScbKEI=?=) In-Reply-To: References: <20030122152135.GA17189@coruscant.does-not-exist.org> X-Mailer: Mew version 3.1.52 on Emacs 21.3 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Content-Transfer-Encoding: 7bit From: Greg Troxel Subject: Re: Standardizing inline PGP for e-mail? > Given Ned's comments, how about "text/openpgp"? I will support the text/openpgp (only for PGP clear signature, see below) if proposed. Note that the text/pgp approach was proposed several times (once during standardizing RFC 2015, and several times after RFC 2015) to maintain backward compatibility to both non-MIME-aware and MIME-aware-but-non-PGP/MIME-aware user agents. My concern is that these proposals were always rejected by IETF without reasons which make sense to me. > This would specify the type of the content in the type, and whether > the contents are a key block, encrypted message, signed message, or > clearsigned message is already in the contents. Please use subtypes of "application" for signed message and encrypted message. We need to carefully consider character set issues for them. Just saying "use UTF-8" does not solve situation at least in Japan. Conversion from a traditional CJK character set to UTF-8 is quite tough. For PGP clear signature, we are free from this kind of character set issues because the "charset" parameter tells. See the followin example: Content-Type: text/openpgp; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Quoted-Printable(PGP clear signature in ISO-8859-1) --Kazu From owner-ietf-openpgp@mail.imc.org Thu Jan 23 03:51:18 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA00467 for ; Thu, 23 Jan 2003 03:51:17 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0N8iU607015 for ietf-openpgp-bks; Thu, 23 Jan 2003 00:44:30 -0800 (PST) Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0N8iTo07005 for ; Thu, 23 Jan 2003 00:44:29 -0800 (PST) Received: from [63.73.97.183] (63.73.97.165) by merrymeet.com with ESMTP (Eudora Internet Mail Server 3.1.4); Thu, 23 Jan 2003 00:44:26 -0800 User-Agent: Microsoft-Entourage/10.1.1.2418 Date: Thu, 23 Jan 2003 00:44:26 -0800 Subject: Re: Standardizing inline PGP for e-mail? From: Jon Callas To: Thomas Roessler , OpenPGP Message-ID: In-Reply-To: <20030122152135.GA17189@coruscant.does-not-exist.org> Mime-version: 1.0 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'll summarize an opinion I've stated before. The list of MUAs that handle OpenPGP/MIME correctly is very small. The list of MUAs that handle plain old clear-signed messages is very large. The work that needs to be done is in user software, not in RFCs. Jon -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBPi+rW7E3nVmTg94GEQINSACgtTMtOAnnpMfheihcso4sDRKmzpUAn3h6 8sZ0dS2buZlN3P20sHduy7rc =DYak -----END PGP SIGNATURE----- From owner-ietf-openpgp@mail.imc.org Thu Jan 23 08:47:46 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA07359 for ; Thu, 23 Jan 2003 08:47:46 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0NDaqa07512 for ietf-openpgp-bks; Thu, 23 Jan 2003 05:36:52 -0800 (PST) Received: from yxa.extundo.com (178.230.13.217.in-addr.dgcsystems.net [217.13.230.178]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0NDano07507 for ; Thu, 23 Jan 2003 05:36:50 -0800 (PST) Received: from latte.josefsson.org (yxa.extundo.com [217.13.230.178]) (authenticated bits=0) by yxa.extundo.com (8.12.6/8.12.6) with ESMTP id h0NDaeRr026336 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Thu, 23 Jan 2003 14:36:41 +0100 To: "Richard Laager" Cc: "'Thomas Roessler'" , Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? X-Payment: hashcash 1.1 0:030123:rlaager@wiktel.com:5a2e5eaabf1d9b03 X-Hashcash: 0:030123:rlaager@wiktel.com:5a2e5eaabf1d9b03 X-Payment: hashcash 1.1 0:030123:roessler@does-not-exist.org:6b675fe3d03df70c X-Hashcash: 0:030123:roessler@does-not-exist.org:6b675fe3d03df70c X-Payment: hashcash 1.1 0:030123:ietf-openpgp@imc.org:1f21785e28a499bf X-Hashcash: 0:030123:ietf-openpgp@imc.org:1f21785e28a499bf From: Simon Josefsson Date: Thu, 23 Jan 2003 14:36:40 +0100 In-Reply-To: <000001c2c285$723d15c0$30a63992@umcrookston.edu> ("Richard Laager"'s message of "Wed, 22 Jan 2003 20:16:30 -0600") Message-ID: User-Agent: Gnus/5.090014 (Oort Gnus v0.14) Emacs/21.3.50 (i686-pc-linux-gnu) References: <000001c2c285$723d15c0$30a63992@umcrookston.edu> X-Face: FmU60_S;07.b/mq$mN4i[hYDH,9?'f\&F~>ROKqqN6'k$rh#oKV}|(Ol8$)L4`#XB"b|Tnu J"{VKSYBqieg/2&a.0pI2[7A\9*s+=%Zq\^> List-Unsubscribe: List-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "Richard Laager" writes: > >> -----Original Message----- >> From: owner-ietf-openpgp@mail.imc.org >> [mailto:owner-ietf-openpgp@mail.imc.org] On Behalf Of Thomas >> Roessler Sent: Wednesday, January 22, 2003 5:55 PM >> To: Michael Young; ned.freed@mrochek.com; ietf-openpgp@imc.org >> Subject: let's look... Re: Standardizing inline PGP for e-mail? > > Things don't look well for Outlook. It displays the message as a text > attachment. Maybe it needs a Content-Disposition: inline. Does this message render better? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.2-cvs (GNU/Linux) iQC1AwUBPi/v3e2iHpS1ZXFvAQJbtwT/XBNG5ltvFbtllkPJp2ejIto5rMKCf00j ztmymvGuGPIT9FgMuIdxX1iQ/Tu3+iOHSsPqwcJIV30w6sy1HUzXzBic3/ApnAir t5ZvSOLpmK7t7PxxUFEdmijkRy4yG7LBDOw4X92e74FxBYE8aSFQugM6jFyovxdn dAVf56//5hucWYCTqGTADFSTcUvT+X6+BanPWIPb1ik78LLGwnbDKA== =HxpE -----END PGP SIGNATURE----- From owner-ietf-openpgp@mail.imc.org Thu Jan 23 08:47:49 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA07388 for ; Thu, 23 Jan 2003 08:47:48 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0NDfeM07729 for ietf-openpgp-bks; Thu, 23 Jan 2003 05:41:40 -0800 (PST) Received: from yxa.extundo.com (178.230.13.217.in-addr.dgcsystems.net [217.13.230.178]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0NDfco07723 for ; Thu, 23 Jan 2003 05:41:38 -0800 (PST) Received: from latte.josefsson.org (yxa.extundo.com [217.13.230.178]) (authenticated bits=0) by yxa.extundo.com (8.12.6/8.12.6) with ESMTP id h0NDfaRr026410 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Thu, 23 Jan 2003 14:41:37 +0100 To: ned.freed@mrochek.com Cc: Thomas Roessler , ietf-openpgp@imc.org Subject: Re: Standardizing inline PGP for e-mail? X-Payment: hashcash 1.1 0:030123:ned.freed@mrochek.com:8a5ce5ef377933a3 X-Hashcash: 0:030123:ned.freed@mrochek.com:8a5ce5ef377933a3 X-Payment: hashcash 1.1 0:030123:roessler@does-not-exist.org:99cf01619fa8d8a8 X-Hashcash: 0:030123:roessler@does-not-exist.org:99cf01619fa8d8a8 X-Payment: hashcash 1.1 0:030123:ietf-openpgp@imc.org:acf1fd8a677f9fde X-Hashcash: 0:030123:ietf-openpgp@imc.org:acf1fd8a677f9fde From: Simon Josefsson Date: Thu, 23 Jan 2003 14:41:36 +0100 In-Reply-To: <01KRJ4SVE10G00AE20@mauve.mrochek.com> (ned.freed@mrochek.com's message of "Wed, 22 Jan 2003 09:31:56 -0800 (PST)") Message-ID: User-Agent: Gnus/5.090014 (Oort Gnus v0.14) Emacs/21.3.50 (i686-pc-linux-gnu) References: <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> X-Face: 1Yn@M+tp9bHO[8c_KMq4EAehxF;z,'j|yrivOiG+mxk$hnZac61A{@h6 List-Unsubscribe: List-ID: ned.freed@mrochek.com writes: >> It seems like inline PGP messages just can't be eradicated, despite >> all the PGP/MIME we have. I'm wondering if it would be reasonable >> to produce an RFC on (1) how to tag this on the MIME level, and (2) >> how to avoid character set problems. > >> Here's the simple proposal (in rough words), as currently >> implemented in the Mutt mail user agent. > >> 1. Inline PGP messages use text/plain as their MIME type. Inline >> PGP material is announced in an additional MIME parameter (we call >> it x-action right now), which can take the values "pgp-encrypt", >> "pgp-sign". > > Such usage clearly violates RFC 2046 section 4.1.3, which states > that text/plain is intended for material that isn't formatted in any way: > > Plain text is intended to be displayed "as-is", that is, no interpretation of > embedded formatting commands, font attribute specifications, processing > instructions, interpretation directives, or content markup should be necessary > for proper display > > It also violates the intended use of media type parameters, which are supposed > to qualify the format being used rather than identifying it. Format > identification is supposed to be done by the media type. FWIW, there is a standards track precedence for Thomas' approach; the RFC 2646 format=flowed parameter that modifies how text/plain is rendered. From owner-ietf-openpgp@mail.imc.org Thu Jan 23 09:51:07 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA09281 for ; Thu, 23 Jan 2003 09:51:06 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0NEhk411475 for ietf-openpgp-bks; Thu, 23 Jan 2003 06:43:46 -0800 (PST) Received: from smtp3.hushmail.com (smtp3.hushmail.com [65.39.178.33]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0NEhjo11471 for ; Thu, 23 Jan 2003 06:43:45 -0800 (PST) Received: from mailserver3.hushmail.com (mailserver3.hushmail.com [65.39.178.45]) by smtp3.hushmail.com (Postfix) with ESMTP id 073FC5C91 for ; Thu, 23 Jan 2003 06:43:40 -0800 (PST) Received: from mailserver3.hushmail.com (localhost [127.0.0.1]) by mailserver3.hushmail.com (8.12.6/8.12.3) with ESMTP id h0NEhdH2091217 for ; Thu, 23 Jan 2003 06:43:39 -0800 (PST) (envelope-from vedaal@hush.com) Received: (from nobody@localhost) by mailserver3.hushmail.com (8.12.6/8.12.3/Submit) id h0NEhdpW091216 for ietf-openpgp@imc.org; Thu, 23 Jan 2003 06:43:39 -0800 (PST) Message-Id: <200301231443.h0NEhdpW091216@mailserver3.hushmail.com> Date: Thu, 23 Jan 2003 06:43:38 -0800 To: ietf-openpgp@imc.org Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? From: vedaal@hush.com Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: -----BEGIN PGP SIGNED MESSAGE----- On Wed, 22 Jan 2003 16:05:56 -0800 Michael Young wrote: >Excellent idea... > >Your message displays fine in Outlook Express. (Yes, I know it's >a noxious agent.) The signature verified fine using PGP6.5's "current >window" support. > >I'll try other agents when I can. fwiw, no clearsigned messages verify in hushmail, they do not even display the pgp headers, footers and signatures unless the 'show actual message' display is checked, and even then, while it does display everything, it verifies as 'bad' also, btw, the huhmail pgp armor has 66 characters per line as opposed to the standard pgp 64 am signing this from hushmail, from the 'current window' vedaal -----BEGIN PGP SIGNATURE----- Version: 6.5.8ckt http://www.ipgpp.com/ Comment: { Acts of Kindness better the World, and protect the Soul } Comment: KeyID: 0x6A05A0B785306D25 Comment: Fingerprint: 96A6 5F71 1C43 8423 D9AE 02FD A711 97BA iQEVAwUBPi/+jWoFoLeFMG0lAQFaMAgAgKmUMtl/e/SzcZwbmAPbngaRgop7qGK2 AznS6isV7Ft7116g9np6B9NfKM6JgUJ1zSt2Vq9F223GjqHM/ifU8TIbWNlCXdjI TcgzOmQ8i5B2pLTCH48Lf7DxSoBipuHubOgMqexK9cgXwHeI6Telidfofp9fLf8w 55BNKpnGSKaYNhqrW+g+mfzgSo6w2/h06S8O5PE8GCHlelqvkHTjYysYHDMM5pDn NQ2XI2RdAPOqkHvTJzF6IegOGSZvB3Gp6/BFTblInjzM7TXyKMNQZQfXZ0b6IA6f mHkg2hzao/EHiLuepH9O/W6TId4hSq2ODtj3wBP0PD+Ln7Svw40nPw== =HFws -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 From owner-ietf-openpgp@mail.imc.org Thu Jan 23 15:56:42 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA19822 for ; Thu, 23 Jan 2003 15:56:41 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0NKkNC07820 for ietf-openpgp-bks; Thu, 23 Jan 2003 12:46:23 -0800 (PST) Received: from mail3.wiktel.com (mail3.wiktel.com [204.221.145.9]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0NKkLo07815 for ; Thu, 23 Jan 2003 12:46:21 -0800 (PST) Received: from NB1131 (unverified [146.57.166.48]) by wiktel.com (Rockliffe SMTPRA 5.2.5) with ESMTP id ; Thu, 23 Jan 2003 13:40:19 -0500 From: "Richard Laager" To: "'Simon Josefsson'" Cc: Subject: RE: let's look... Re: Standardizing inline PGP for e-mail? Date: Thu, 23 Jan 2003 13:40:11 -0600 Organization: Wikstrom Telecom Internet Message-ID: <000a01c2c317$3f0b3b40$30a63992@umcrookston.edu> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Simon Josefsson wrote: > > Things don't look well for Outlook. It displays the message as a > > text attachment. > > Maybe it needs a Content-Disposition: inline. Does this message > render better? Nope. It still shows as a text attachment. Richard Laager -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBPjBENW31OrleHxvOEQKmWACeK4IZ1rQhNqyD2v9JiUMT0L8i++wAnRqQ gLXORHDWe+P06DJyPeVHQLeo =uPpt -----END PGP SIGNATURE----- From owner-ietf-openpgp@mail.imc.org Thu Jan 23 16:41:32 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA20918 for ; Thu, 23 Jan 2003 16:41:32 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0NLZfG10590 for ietf-openpgp-bks; Thu, 23 Jan 2003 13:35:41 -0800 (PST) Received: from claude.jabberwocky.com (walrus.ne.client2.attbi.com [24.60.130.129]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0NLZdo10586 for ; Thu, 23 Jan 2003 13:35:40 -0800 (PST) Received: (from dshaw@localhost) by claude.jabberwocky.com (8.11.6/8.11.6) id h0NLZbk13169 for ietf-openpgp@imc.org; Thu, 23 Jan 2003 16:35:37 -0500 Date: Thu, 23 Jan 2003 16:35:37 -0500 From: David Shaw To: ietf-openpgp@imc.org Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? Message-ID: <20030123213537.GA13061@jabberwocky.com> Mail-Followup-To: ietf-openpgp@imc.org References: <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <01KRJCWNQOIK002DEU@mauve.mrochek.com> <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <20030122223754.GC26081@coruscant.does-not-exist.org> <20030122235431.GA28453@coruscant.does-not-exist.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030122235431.GA28453@coruscant.does-not-exist.org> X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560 X-URL: http://www.jabberwocky.com/ X-Phase-Of-Moon: The Moon is Waning Gibbous (67% of Full) User-Agent: Mutt/1.5.2i Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: I think in general that creating a new subtype of text to solve this problem is a non-starter. Part of the original problem was that not enough mailers supported PGP/MIME (or indeed, MIME in general) sufficiently well. I suspect that using a new subtype will eventually end up as "PGP/MIME lite" and will similarly not be supported. Anything that causes the equivalent of "cat message | gpg --clearsign | mail user@example.com" to no longer work well is not going to work out in the real world. I like the original suggestion far better (with or without the x-action: tag) as it does not preclude the above pipeline. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From owner-ietf-openpgp@mail.imc.org Fri Jan 24 03:40:33 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA13029 for ; Fri, 24 Jan 2003 03:40:32 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0O8VQb29649 for ietf-openpgp-bks; Fri, 24 Jan 2003 00:31:26 -0800 (PST) Received: from gluggsi.fortytwo.ch (zux006-042-224.adsl.green.ch [81.6.42.224]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0O8VOo29642 for ; Fri, 24 Jan 2003 00:31:24 -0800 (PST) Received: from altfrangg.fortytwo.ch (altfrangg.fortytwo.ch [192.168.1.17]) by gluggsi.fortytwo.ch (Postfix) with ESMTP id 91CEA79E0 for ; Fri, 24 Jan 2003 09:31:11 +0100 (CET) Received: by altfrangg.fortytwo.ch (Postfix, from userid 1000) id 9463B8B9D6; Fri, 24 Jan 2003 09:31:10 +0100 (CET) Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? From: "Adrian 'Dagurashibanipal' von Bidder" To: ietf-openpgp@imc.org In-Reply-To: <20030123213537.GA13061@jabberwocky.com> References: <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <01KRJCWNQOIK002DEU@mauve.mrochek.com> <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <20030122223754.GC26081@coruscant.does-not-exist.org> <20030122235431.GA28453@coruscant.does-not-exist.org> <20030123213537.GA13061@jabberwocky.com> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-bS/CV2WSjjwyHUwGyZM0" Message-Id: <1043397070.855.25.camel@altfrangg.fortytwo.ch> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.2.1 Date: 24 Jan 2003 09:31:10 +0100 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: --=-bS/CV2WSjjwyHUwGyZM0 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Don, 2003-01-23 at 22:35, David Shaw wrote: > I think in general that creating a new subtype of text to solve this > problem is a non-starter. Part of the original problem was that not > enough mailers supported PGP/MIME (or indeed, MIME in general) > sufficiently well. I suspect that using a new subtype will eventually > end up as "PGP/MIME lite" and will similarly not be supported. Additionally, specifying inline PGP could make Software vendors even more reluctant to support PGP/MIME properly. Why not make it absolutely clear that PGP/MIME is the only form of PGP in email mailers are supposed to use. inline pgp won't get worse as it is - but manpower should be directed into making PGP/MIME work, not into fixing inline pgp, imho. cheers -- vbi --=20 featured link: http://fortytwo.ch/gpg/subkeys --=-bS/CV2WSjjwyHUwGyZM0 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: get my key from http://fortytwo.ch/gpg/92082481 iHMEABECADMFAj4w+c0sGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h aWwuMjAwMjA4MjIACgkQi6Qxi+Wn99YK5ACfc06fwtxoqpIIqeck+q5uHEyvKlcA oJ4E5oDQAV8blCd/DkjL4HXchFcJ =cy5Y -----END PGP SIGNATURE----- Signature policy: http://fortytwo.ch/legal/gpg/email.20020822 --=-bS/CV2WSjjwyHUwGyZM0-- From owner-ietf-openpgp@mail.imc.org Fri Jan 24 05:38:16 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA15288 for ; Fri, 24 Jan 2003 05:38:15 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0OAUb419202 for ietf-openpgp-bks; Fri, 24 Jan 2003 02:30:37 -0800 (PST) Received: from mail.glueckkanja.com (mail.glueckkanja.com [62.8.243.3]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0OAUZo19187 for ; Fri, 24 Jan 2003 02:30:36 -0800 (PST) Subject: RE: let's look... Re: Standardizing inline PGP for e-mail? MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Fri, 24 Jan 2003 11:30:27 +0100 Content-Class: urn:content-classes:message X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 Message-ID: <2F89C141B5B67645BB56C0385375788248199B@guk1d002.glueckkanja.org> Thread-Topic: let's look... Re: Standardizing inline PGP for e-mail? thread-index: AcLDImxlWJ4BSSx4RCiRTJ80jaQMIgAcHN/A From: "Dominikus Scherkl" To: "Richard Laager" Cc: Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id h0OAUbo19199 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Content-Transfer-Encoding: 8bit > Simon Josefsson wrote: > > > Things don't look well for Outlook. It displays the message as a > > > text attachment. > > > > Maybe it needs a Content-Disposition: inline. Does this message > > render better? > > Nope. It still shows as a text attachment. ?!? What Outlook version (or configuration?!?) do you use? With mine it works fine (and our Plug-In Crypto-Ex has no problem to verify the signature). Best regards. -- Dominikus Scherkl dominikus.scherkl@glueckkanja.com From owner-ietf-openpgp@mail.imc.org Fri Jan 24 10:27:39 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA22435 for ; Fri, 24 Jan 2003 10:27:38 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0OFKJB09409 for ietf-openpgp-bks; Fri, 24 Jan 2003 07:20:19 -0800 (PST) Received: from express (express.wiktel.com [204.221.145.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0OFKHo09403 for ; Fri, 24 Jan 2003 07:20:17 -0800 (PST) Received: from NB1131 (unverified [146.57.166.48]) by wiktel.com (Rockliffe SMTPRA 5.2.5) with ESMTP id ; Fri, 24 Jan 2003 09:20:09 -0500 From: "Richard Laager" To: "'Dominikus Scherkl'" Cc: Subject: RE: let's look... Re: Standardizing inline PGP for e-mail? Date: Fri, 24 Jan 2003 09:20:04 -0600 Organization: Wikstrom Telecom Internet Message-ID: <000801c2c3bc$13707400$30a63992@umcrookston.edu> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 In-Reply-To: <2F89C141B5B67645BB56C0385375788248199B@guk1d002.glueckkanja.org> Importance: Normal Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dominikus Scherkl wrote: > > Simon Josefsson wrote: > > > > Things don't look well for Outlook. It displays the message > > > > as a text attachment. > > > > > > Maybe it needs a Content-Disposition: inline. Does this > > > message render better? > > > > Nope. It still shows as a text attachment. > > ?!? > What Outlook version (or configuration?!?) do you use? Outlook XP, a.k.a. Outlook 2002 (10.3513.3501) SP-1 > With mine it works fine (and our Plug-In Crypto-Ex has no > problem to verify the signature). Richard Laager -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBPjFZh231OrleHxvOEQIDJgCeNceHv/5UgDSgzPOxjRu6QboTWGMAni8P G7ZabwQNLdV6qcxwtlqfhvk8 =qm6h -----END PGP SIGNATURE----- From owner-ietf-openpgp@mail.imc.org Fri Jan 24 11:22:21 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA23982 for ; Fri, 24 Jan 2003 11:22:20 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0OG9kQ14260 for ietf-openpgp-bks; Fri, 24 Jan 2003 08:09:46 -0800 (PST) Received: from xfw.transarc.ibm.com (xfw.transarc.ibm.com [192.54.226.51]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0OG9io14255 for ; Fri, 24 Jan 2003 08:09:44 -0800 (PST) Received: from mailhost.transarc.ibm.com (mailhost.transarc.ibm.com [9.38.192.124]) by xfw.transarc.ibm.com (AIX4.3/UCB 8.7/8.7) with ESMTP id KAA58790 for ; Fri, 24 Jan 2003 10:54:20 -0500 (EST) Received: from mwyoung (dhcp-193-40.transarc.ibm.com [9.38.193.240]) by mailhost.transarc.ibm.com (8.8.0/8.8.0) with SMTP id LAA13205 for ; Fri, 24 Jan 2003 11:09:34 -0500 (EST) Message-ID: <002601c2c3c2$d3e57fe0$f0c12609@transarc.ibm.com> From: "Michael Young" To: References: <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <01KRJCWNQOIK002DEU@mauve.mrochek.com> <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <20030122223754.GC26081@coruscant.does-not-exist.org> <20030122235431.GA28453@coruscant.does-not-exist.org> <20030123213537.GA13061@jabberwocky.com> <1043397070.855.25.camel@altfrangg.fortytwo.ch> Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? Date: Fri, 24 Jan 2003 11:08:25 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David Shaw wrote: > I think in general that creating a new subtype of text to solve this > problem is a non-starter. Part of the original problem was that not > enough mailers supported PGP/MIME (or indeed, MIME in general) > sufficiently well. I suspect that using a new subtype will eventually > end up as "PGP/MIME lite" and will similarly not be supported. The point is that the "lite" form is displayed reasonably even in agents that don't "support" it. They show it as text. When confronted with multipart/signed, some agents display the pieces as attachments or not at all; this makes reading the text painful, and verifying the signature manually even more so. For agents that do support PGP/MIME, yes, this is another thing that they might want to understand. If one doesn't, then it may appear to have taken a step backward *when confronted with one of these "lite" messages*. A small step, in my opinion. Once again, Thomas should correct me if I'm wrong, but I don't think this is intended as a replacement, or even as a default. It's an *option* for senders that know that they are sending to receivers that can't (or don't want to) handle PGP/MIME. It would just be nice if all the agents that offered such an option did it the same way; that lets smart receivers still get some of the benefit. Adrian 'Dagurashibanipal' von Bidder wrote: > Additionally, specifying inline PGP could make Software vendors even > more reluctant to support PGP/MIME properly. Why not make it absolutely > clear that PGP/MIME is the only form of PGP in email mailers are > supposed to use. While it's possible that some vendor will choose to implement only the "lite" form on the receiving side, I think it's far more likely that they will implement neither, official PGP/MIME, or both. The most likely implementors are people who've already built PGP/MIME support. If I believed Adrian's premise, then I might believe in enforcing "the full standard or nothing at all", but I don't. I might enforce it if legacy agents weren't caused such grief. But they are, and I find it hard to stand on principle in the face of obvious pain. -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQA/AwUBPjFk8ec3iHYL8FknEQLpxwCePF4NDpFqTgBhZfTqPvQdLyRz7r8AoLlE hMY7CGqTOaBsL+jN6quXsr+O =4VwY -----END PGP SIGNATURE----- From owner-ietf-openpgp@mail.imc.org Fri Jan 24 11:37:37 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA24408 for ; Fri, 24 Jan 2003 11:37:36 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0OGTCk15902 for ietf-openpgp-bks; Fri, 24 Jan 2003 08:29:12 -0800 (PST) Received: from smtp1.kodak.com (smtp1.kodak.com [192.232.121.200]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0OGTAo15895 for ; Fri, 24 Jan 2003 08:29:10 -0800 (PST) Received: from knotes.kodak.com (knotes2.ko.kodak.com [150.221.122.53]) by smtp1.kodak.com (8.11.3/8.11.1) with ESMTP id h0OGTBa23293 for ; Fri, 24 Jan 2003 11:29:11 -0500 (EST) To: ietf-openpgp@imc.org Subject: Re: Standardizing inline PGP for e-mail? X-Mailer: Lotus Notes Release 5.0.5 September 22, 2000 Message-ID: From: john.dlugosz@kodak.com Date: Fri, 24 Jan 2003 10:29:01 -0600 X-MIMETrack: Serialize by Router on KNOTES2/ISBP/EKC(Release 5.0.11 |July 24, 2002) at 01/24/2003 11:29:11 AM, Serialize complete at 01/24/2003 11:29:11 AM MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="=_alternative 005A8C5D86256CB8_=" Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: This is a multipart message in MIME format. --=_alternative 005A8C5D86256CB8_= Content-Type: text/plain; charset="us-ascii" I use inline PGP messages in applications like Lotus Notes and web-based email that have no concept of PGP or MIME. I can paste a coded ASCII Armored block into such a program and call it "text", and get my message through (privately). The very fact that I'm using inline PGP implies that I can't do anything about the mail message headers! --=_alternative 005A8C5D86256CB8_= Content-Type: text/html; charset="us-ascii"
I use inline PGP messages in applications like Lotus Notes and web-based email that have no concept of PGP or MIME.  I can paste a coded ASCII Armored block into such a program and call it "text", and get my message through (privately).  The very fact that I'm using inline PGP implies that I can't do anything about the mail message headers! --=_alternative 005A8C5D86256CB8_=-- From owner-ietf-openpgp@mail.imc.org Fri Jan 24 11:58:26 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA24848 for ; Fri, 24 Jan 2003 11:58:25 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0OGoBK16674 for ietf-openpgp-bks; Fri, 24 Jan 2003 08:50:11 -0800 (PST) Received: from smtp1.kodak.com (smtp1.kodak.com [192.232.121.200]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0OGo5o16666 for ; Fri, 24 Jan 2003 08:50:05 -0800 (PST) Received: from knotes.kodak.com (knotes2.ko.kodak.com [150.221.122.53]) by smtp1.kodak.com (8.11.3/8.11.1) with ESMTP id h0OGo6a00467 for ; Fri, 24 Jan 2003 11:50:06 -0500 (EST) To: ietf-openpgp@imc.org Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? X-Mailer: Lotus Notes Release 5.0.5 September 22, 2000 Message-ID: From: john.dlugosz@kodak.com Date: Fri, 24 Jan 2003 10:50:02 -0600 X-MIMETrack: Serialize by Router on KNOTES2/ISBP/EKC(Release 5.0.11 |July 24, 2002) at 01/24/2003 11:50:06 AM MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=_mixed 005C76C286256CB8_=" Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: --=_mixed 005C76C286256CB8_= Content-Type: multipart/alternative; boundary="=_alternative 005C76C286256CB8_=" --=_alternative 005C76C286256CB8_= Content-Type: text/plain; charset="us-ascii" FWIW, Lotus Notes displayed this message with an attachment for the signature. I have no idea how to verify it. I suppose I would have to paste the content and the signature into a text file, mark up the -----BEGIN PGP etc. delimiter lines, and then try? --John "Adrian 'Dagurashibanipal' von Bidder" Sent by: owner-ietf-openpgp@mail.imc.org 01/24/03 02:31 AM To: ietf-openpgp@imc.org cc: Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? On Don, 2003-01-23 at 22:35, David Shaw wrote: > I think in general that creating a new subtype of text to solve this > problem is a non-starter. Part of the original problem was that not > enough mailers supported PGP/MIME (or indeed, MIME in general) > sufficiently well. I suspect that using a new subtype will eventually > end up as "PGP/MIME lite" and will similarly not be supported. Additionally, specifying inline PGP could make Software vendors even more reluctant to support PGP/MIME properly. Why not make it absolutely clear that PGP/MIME is the only form of PGP in email mailers are supposed to use. inline pgp won't get worse as it is - but manpower should be directed into making PGP/MIME work, not into fixing inline pgp, imho. cheers -- vbi -- featured link: http://fortytwo.ch/gpg/subkeys --=_alternative 005C76C286256CB8_= Content-Type: text/html; charset="us-ascii"
FWIW, Lotus Notes displayed this message with an attachment for the signature.
I have no idea how to verify it.  I suppose I would have to paste the content and the signature into a text file, mark up the -----BEGIN PGP etc. delimiter lines, and then try?  

--John



"Adrian 'Dagurashibanipal' von Bidder" <avbidder@fortytwo.ch>
Sent by: owner-ietf-openpgp@mail.imc.org

01/24/03 02:31 AM

       
        To:        ietf-openpgp@imc.org
        cc:        
        Subject:        Re: let's look...  Re: Standardizing inline PGP for e-mail?



On Don, 2003-01-23 at 22:35, David Shaw wrote:
> I think in general that creating a new subtype of text to solve this
> problem is a non-starter.  Part of the original problem was that not
> enough mailers supported PGP/MIME (or indeed, MIME in general)
> sufficiently well.  I suspect that using a new subtype will eventually
> end up as "PGP/MIME lite" and will similarly not be supported.
Additionally, specifying inline PGP could make Software vendors even
more reluctant to support PGP/MIME properly. Why not make it absolutely
clear that PGP/MIME is the only form of PGP in email mailers are
supposed to use.
inline pgp won't get worse as it is - but manpower should be directed
into making PGP/MIME work, not into fixing inline pgp, imho.
cheers
-- vbi
--
featured link: http://fortytwo.ch/gpg/subkeys

--=_alternative 005C76C286256CB8_=-- --=_mixed 005C76C286256CB8_= Content-Type: application/octet-stream; name="signature.asc" Content-Disposition: attachment; filename="signature.asc" Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0NClZlcnNpb246IEdudVBHIHYxLjIuMSAoR05V L0xpbnV4KQ0KQ29tbWVudDogZ2V0IG15IGtleSBmcm9tIGh0dHA6Ly9mb3J0eXR3by5jaC9ncGcv OTIwODI0ODENCg0KaUhNRUFCRUNBRE1GQWo0dytjMHNHbWgwZEhBNkx5OW1iM0owZVhSM2J5NWph QzlzWldkaGJDOW5jR2N2WlcxaA0KYVd3dU1qQXdNakE0TWpJQUNna1FpNlF4aStXbjk5WUs1QUNm YzA2Znd0eG9xcElJcWVjaytxNXVIRXl2S2xjQQ0Kb0o0RTVvRFFBVjhibENkL0Rrakw0SFhjaEZj Sg0KPWN5NVkNCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0KU2lnbmF0dXJlIHBvbGljeTog aHR0cDovL2ZvcnR5dHdvLmNoL2xlZ2FsL2dwZy9lbWFpbC4yMDAyMDgyMg0K --=_mixed 005C76C286256CB8_=-- From owner-ietf-openpgp@mail.imc.org Fri Jan 24 12:23:47 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA25387 for ; Fri, 24 Jan 2003 12:23:46 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0OH3W617285 for ietf-openpgp-bks; Fri, 24 Jan 2003 09:03:32 -0800 (PST) Received: from claude.jabberwocky.com (walrus.ne.client2.attbi.com [24.60.130.129]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0OH3Vo17281 for ; Fri, 24 Jan 2003 09:03:31 -0800 (PST) Received: (from dshaw@localhost) by claude.jabberwocky.com (8.11.6/8.11.6) id h0OH3Rn23853 for ietf-openpgp@imc.org; Fri, 24 Jan 2003 12:03:27 -0500 Date: Fri, 24 Jan 2003 12:03:27 -0500 From: David Shaw To: ietf-openpgp@imc.org Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? Message-ID: <20030124170327.GN13174@jabberwocky.com> Mail-Followup-To: ietf-openpgp@imc.org References: <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <01KRJCWNQOIK002DEU@mauve.mrochek.com> <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <20030122223754.GC26081@coruscant.does-not-exist.org> <20030122235431.GA28453@coruscant.does-not-exist.org> <20030123213537.GA13061@jabberwocky.com> <1043397070.855.25.camel@altfrangg.fortytwo.ch> <002601c2c3c2$d3e57fe0$f0c12609@transarc.ibm.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <002601c2c3c2$d3e57fe0$f0c12609@transarc.ibm.com> X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560 X-URL: http://www.jabberwocky.com/ X-Phase-Of-Moon: The Moon is Waning Gibbous (67% of Full) User-Agent: Mutt/1.5.2i Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: On Fri, Jan 24, 2003 at 11:08:25AM -0500, Michael Young wrote: > David Shaw wrote: > > I think in general that creating a new subtype of text to solve this > > problem is a non-starter. Part of the original problem was that not > > enough mailers supported PGP/MIME (or indeed, MIME in general) > > sufficiently well. I suspect that using a new subtype will eventually > > end up as "PGP/MIME lite" and will similarly not be supported. > > The point is that the "lite" form is displayed reasonably even in > agents that don't "support" it. They show it as text. When > confronted with multipart/signed, some agents display the pieces > as attachments or not at all; this makes reading the text painful, > and verifying the signature manually even more so. I think we've seen in this thread that the "lite" form is not displayed at all in agents that don't support it. There will always be some email client that can't handle the new content-type. One of the main complaints about PGP/MIME is that it does not degrade well, and this has the same problem. Even mutt, (which Thomas should know well ;)), had a problem with his test mail until I went in and mucked with the configuration. Why go out of our way to make regular clearsigned messages more confusing and much more likely to Just Not Work for fiddling reasons that are going to be different on every single mailer? Getting fancy here feels good and we can produce all sorts of interesting documents that most MUA writers will ignore, and argue about little details until we are blue in the face, but it does not fix the actual problem we're having in the real world. Thomas' original suggestion to use UTF8 encoding along with text/plain works very nicely on several levels. First, it works without forcing the MUA author to do anything. Second, in most cases even if MUA "A" does it slightly wrong (say, not doing the UTF8), MUA "B" can still handle it. It's simple. It works. Where is the problem? David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From owner-ietf-openpgp@mail.imc.org Fri Jan 24 12:56:26 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA26735 for ; Fri, 24 Jan 2003 12:56:26 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0OHgi720338 for ietf-openpgp-bks; Fri, 24 Jan 2003 09:42:44 -0800 (PST) Received: from thetis.deor.org (thetis.deor.org [207.106.86.210]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0OHggo20334 for ; Fri, 24 Jan 2003 09:42:42 -0800 (PST) Received: by thetis.deor.org (Postfix, from userid 500) id D4D584517D; Fri, 24 Jan 2003 09:42:42 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by thetis.deor.org (Postfix) with ESMTP id BED0B48025; Fri, 24 Jan 2003 09:42:42 -0800 (PST) Date: Fri, 24 Jan 2003 09:42:42 -0800 (PST) From: Len Sassaman X-Sender: To: Thomas Roessler Cc: Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? In-Reply-To: <20030122235431.GA28453@coruscant.does-not-exist.org> Message-ID: X-AIM: Elom777 X-icq: 10735603 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: On Thu, 23 Jan 2003, Thomas Roessler wrote: > > Thanks for that suggestion. Will look into it. > > This message contains inline PGP material tagged as text/x-pgp. I'd > be curious to learn what kind of behaviour this causes. In > particular, are those whose user agents aren't prepared to handle > PGP by default able to display the "raw" clearsigned material > without problems? This works just fine with pine/pgpenvelope (which gives enormous headaches with PGP/MIME or application/pgp). From owner-ietf-openpgp@mail.imc.org Fri Jan 24 14:09:36 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA29075 for ; Fri, 24 Jan 2003 14:09:36 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0OIskl24707 for ietf-openpgp-bks; Fri, 24 Jan 2003 10:54:46 -0800 (PST) Received: from xfw.transarc.ibm.com (xfw.transarc.ibm.com [192.54.226.51]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0OIsio24703 for ; Fri, 24 Jan 2003 10:54:45 -0800 (PST) Received: from mailhost.transarc.ibm.com (mailhost.transarc.ibm.com [9.38.192.124]) by xfw.transarc.ibm.com (AIX4.3/UCB 8.7/8.7) with ESMTP id NAA61256 for ; Fri, 24 Jan 2003 13:39:26 -0500 (EST) Received: from mwyoung (dhcp-193-40.transarc.ibm.com [9.38.193.240]) by mailhost.transarc.ibm.com (8.8.0/8.8.0) with SMTP id NAA13823 for ; Fri, 24 Jan 2003 13:54:41 -0500 (EST) Message-ID: <004801c2c3d9$e3565280$f0c12609@transarc.ibm.com> From: "Michael Young" To: References: <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <01KRJCWNQOIK002DEU@mauve.mrochek.com> <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <20030122223754.GC26081@coruscant.does-not-exist.org> <20030122235431.GA28453@coruscant.does-not-exist.org> <20030123213537.GA13061@jabberwocky.com> <1043397070.855.25.camel@altfrangg.fortytwo.ch> <002601c2c3c2$d3e57fe0$f0c12609@transarc.ibm.com> <20030124170327.GN13174@jabberwocky.com> Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? Date: Fri, 24 Jan 2003 13:53:29 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 From: "David Shaw" > On Fri, Jan 24, 2003 at 11:08:25AM -0500, Michael Young wrote: > > David Shaw wrote: > > > I think in general that creating a new subtype of text to solve this ... > I think we've seen in this thread that the "lite" form is not > displayed at all in agents that don't support it. That's an overstatement. Several MUAs handled it just fine (and mutt is clearly going to be changed in the process, so it will also). (The only failure I saw was Outlook XP, but I may have missed something.) But, I missed that you were talking specifically about the subtype idea... > Thomas' original suggestion to use UTF8 encoding along with text/plain > works very nicely on several levels. First, it works without forcing > the MUA author to do anything. Second, in most cases even if MUA "A" > does it slightly wrong (say, not doing the UTF8), MUA "B" can still > handle it. It's simple. It works. Where is the problem? The main reason we went down the subtype path was that Ned balked at using text/plain with extra tags. (Thomas suggested the tags to let in-the-know MUAs take automatic action, and Ned balked there, too.) Experimenting with subtypes was a fine idea, but it hasn't been a complete success. I'm happy to back off to text/plain, and I'm happy with the extra tags. -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQA/AwUBPjGLmOc3iHYL8FknEQJ37ACghzrVLCZlW9gUpPafuY1/8GRObN4An112 t8VJroo4FslcDx/6bTVCw77+ =xHO7 -----END PGP SIGNATURE----- From owner-ietf-openpgp@mail.imc.org Fri Jan 24 16:53:18 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA03525 for ; Fri, 24 Jan 2003 16:53:17 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0OLZa200796 for ietf-openpgp-bks; Fri, 24 Jan 2003 13:35:36 -0800 (PST) Received: from darius.cyrusoft.com (darius.cyrusoft.com [63.163.82.2]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0OLZZo00792 for ; Fri, 24 Jan 2003 13:35:35 -0800 (PST) Received: from socrates.cyrusoft.com (localhost [127.0.0.1]) by darius.cyrusoft.com (8.9.3/8.9.3) with ESMTP id QAA13740; Fri, 24 Jan 2003 16:32:16 -0500 (EST) Date: Fri, 24 Jan 2003 16:35:31 -0500 From: Cyrus Daboo To: Michael Young , ietf-openpgp@imc.org Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? Message-ID: <45210000.1043444131@socrates.cyrusoft.com> In-Reply-To: <004801c2c3d9$e3565280$f0c12609@transarc.ibm.com> References: <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <01KRJCWNQOIK002DEU@mauve.mrochek.com> <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <20030122223754.GC26081@coruscant.does-not-exist.org> <20030122235431.GA28453@coruscant.does-not-exist.org> <20030123213537.GA13061@jabberwocky.com> <1043397070.855.25.camel@altfrangg.fortytwo.ch> <002601c2c3c2$d3e57fe0$f0c12609@transarc.ibm.com> <20030124170327.GN13174@jabberwocky.com> <004801c2c3d9$e3565280$f0c12609@transarc.ibm.com> X-Mailer: Mulberry/3.0.0b12 (Linux/PPC) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Content-Transfer-Encoding: 7bit Hi Michael, --On Friday, January 24, 2003 01:53:29 PM -0500 Michael Young wrote: | The main reason we went down the subtype path was that Ned balked at | using text/plain with extra tags. (Thomas suggested the tags to let | in-the-know MUAs take automatic action, and Ned balked there, too.) | Experimenting with subtypes was a fine idea, but it hasn't been a | complete success. I'm happy to back off to text/plain, and I'm happy | with the extra tags. One alternative, that may or not be as controversial as adding parameters to Content-Type, would be to add a parameter to Content-Disposition instead, e.g.: Content-Disposition: inline; signed=pgp This has the benefit of leaving Content-Type as-is, and its also easily accessible to IMAP clients via the IMAP BODYSTRUCTURE response, removing the need for such clients to retrieve individual MIME part headers, which they would otherwise have to do if some X-Content header were used. The argument against this is that this change may be against the original design for Content-Disposition. So there are five alternatives to choose from: 1) Do nothing (actually promote better support/understanding for PGP/MIME) 2) Add a parameter to Content-Type 3) Use a different text subtype for Content-Type 4) Add a parameter to Content-Disposition 5) Add a new MIME part header -- Cyrus Daboo From owner-ietf-openpgp@mail.imc.org Fri Jan 24 18:52:58 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA05633 for ; Fri, 24 Jan 2003 18:52:58 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0ONiYU03969 for ietf-openpgp-bks; Fri, 24 Jan 2003 15:44:34 -0800 (PST) Received: from mail.uni-bielefeld.de (IDENT:72@mail2.uni-bielefeld.de [129.70.4.90]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0ONiWo03960 for ; Fri, 24 Jan 2003 15:44:32 -0800 (PST) Received: from 192.168.0.17 (ppp36-226.hrz.uni-bielefeld.de [129.70.36.226]) by mail.uni-bielefeld.de (Sun Internet Mail Server sims.4.0.2000.10.12.16.25.p8) with ESMTP id <0H98009QGSM557@mail.uni-bielefeld.de> for ietf-openpgp@imc.org; Sat, 25 Jan 2003 00:44:32 +0100 (MET) Date: Sat, 25 Jan 2003 00:00:56 +0100 From: Marc Mutz Subject: Re: Standardizing inline PGP for e-mail? In-reply-to: <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> To: ietf-openpgp@imc.org Message-id: <200301250000.56934@sendmail.mutz.com> Organization: KDE MIME-version: 1.0 Content-type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Boundary-02=_oWcM+83vJe590gE"; charset="iso-8859-1" Content-transfer-encoding: 7bit User-Agent: KMail/1.5.9 X-PGP-Key: 0xBDBFE838 References: <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: --Boundary-02=_oWcM+83vJe590gE Content-Type: text/plain; charset="iso-8859-1" Content-Description: signed data Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wednesday 22 January 2003 20:30, Michael Young wrote: > > Sounds fine, but it begs the question of why, if you're going to > > introduce a major operationaal change to how PGP signs things, you > > don't just change to generating multipart/signed. > (I also wouldn't call this an operational change to how PGP signs > things -- the actual signing doesn't change. We're simply talking > about the MIME wrapping done by the mail user agent.) It _is_ an operational change, since the "pre-draft" proposes to label=20 utf-8 data with us-ascii. MUAs will not be prepared to decode UTF-8=20 when the Content-Type says "us-ascii"... Marc =2D-=20 They [RIAA,MPAA] are trying to invent a new crime: interference with a business model. --Bruce Schneier, Crypto-Gram 08/2002 --Boundary-02=_oWcM+83vJe590gE Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQA+McWo3oWD+L2/6DgRAg3JAJ9G1EKiC5Z3rlxgXAri9DedaJZdDwCeMsz0 OTAqM7xheyraEMMFUN8M2CY= =gJ6+ -----END PGP SIGNATURE----- --Boundary-02=_oWcM+83vJe590gE-- From owner-ietf-openpgp@mail.imc.org Fri Jan 24 18:53:02 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA05647 for ; Fri, 24 Jan 2003 18:53:02 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0ONiYR03968 for ietf-openpgp-bks; Fri, 24 Jan 2003 15:44:34 -0800 (PST) Received: from mail.uni-bielefeld.de (IDENT:72@mail2.uni-bielefeld.de [129.70.4.90]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0ONiWo03959 for ; Fri, 24 Jan 2003 15:44:32 -0800 (PST) Received: from 192.168.0.17 (ppp36-226.hrz.uni-bielefeld.de [129.70.36.226]) by mail.uni-bielefeld.de (Sun Internet Mail Server sims.4.0.2000.10.12.16.25.p8) with ESMTP id <0H98009QGSM557@mail.uni-bielefeld.de> for ietf-openpgp@imc.org; Sat, 25 Jan 2003 00:44:31 +0100 (MET) Date: Fri, 24 Jan 2003 23:53:42 +0100 From: Marc Mutz Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? In-reply-to: <20030122235431.GA28453@coruscant.does-not-exist.org> To: ietf-openpgp@imc.org Message-id: <200301242353.56541@sendmail.mutz.com> Organization: KDE MIME-version: 1.0 Content-type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Boundary-02=_EQcM+Gzft5cr8/P"; charset="us-ascii" Content-transfer-encoding: 7bit User-Agent: KMail/1.5.9 X-PGP-Key: 0xBDBFE838 References: <20030122152135.GA17189@coruscant.does-not-exist.org> <20030122223754.GC26081@coruscant.does-not-exist.org> <20030122235431.GA28453@coruscant.does-not-exist.org> Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: --Boundary-02=_EQcM+Gzft5cr8/P Content-Type: text/plain; charset="us-ascii" Content-Description: signed data Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thursday 23 January 2003 00:54, Thomas Roessler wrote: > This message contains inline PGP material tagged as text/x-pgp. KMail (1.5.x) displays it as if it was t/p. Marc =2D-=20 It's good fortune for the government that the masses don't think. -- Adolf Hitler --Boundary-02=_EQcM+Gzft5cr8/P Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQA+McQE3oWD+L2/6DgRArosAKCiOo5eQ+FvfF7CT5iIChX33RVM+wCeKNX8 oB5eQAeQxod9lOejFhSWSY0= =7ifL -----END PGP SIGNATURE----- --Boundary-02=_EQcM+Gzft5cr8/P-- From owner-ietf-openpgp@mail.imc.org Fri Jan 24 22:30:17 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA08845 for ; Fri, 24 Jan 2003 22:30:17 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0P3N5W09326 for ietf-openpgp-bks; Fri, 24 Jan 2003 19:23:05 -0800 (PST) Received: from mauve.mrochek.com (mauve.mrochek.com [209.55.107.55]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0P3Mwo09314 for ; Fri, 24 Jan 2003 19:22:58 -0800 (PST) Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01KRMFC01JCW002DEU@mauve.mrochek.com> for ietf-openpgp@imc.org; Fri, 24 Jan 2003 19:22:55 -0800 (PST) Date: Fri, 24 Jan 2003 19:17:09 -0800 (PST) From: ned.freed@mrochek.com Subject: Re: Standardizing inline PGP for e-mail? In-reply-to: "Your message dated Thu, 23 Jan 2003 14:41:36 +0100" To: Simon Josefsson Cc: ned.freed@mrochek.com, Thomas Roessler , ietf-openpgp@imc.org Message-id: <01KRMHLBX2FI002DEU@mauve.mrochek.com> MIME-version: 1.0 Content-type: TEXT/PLAIN; CHARSET=us-ascii Content-transfer-encoding: 7BIT References: <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Content-Transfer-Encoding: 7BIT > ned.freed@mrochek.com writes: > >> It seems like inline PGP messages just can't be eradicated, despite > >> all the PGP/MIME we have. I'm wondering if it would be reasonable > >> to produce an RFC on (1) how to tag this on the MIME level, and (2) > >> how to avoid character set problems. > > > >> Here's the simple proposal (in rough words), as currently > >> implemented in the Mutt mail user agent. > > > >> 1. Inline PGP messages use text/plain as their MIME type. Inline > >> PGP material is announced in an additional MIME parameter (we call > >> it x-action right now), which can take the values "pgp-encrypt", > >> "pgp-sign". > > > > Such usage clearly violates RFC 2046 section 4.1.3, which states > > that text/plain is intended for material that isn't formatted in any way: > > > > Plain text is intended to be displayed "as-is", that is, no interpretation of > > embedded formatting commands, font attribute specifications, processing > > instructions, interpretation directives, or content markup should be necessary > > for proper display > > > > It also violates the intended use of media type parameters, which are supposed > > to qualify the format being used rather than identifying it. Format > > identification is supposed to be done by the media type. > FWIW, there is a standards track precedence for Thomas' approach; the > RFC 2646 format=flowed parameter that modifies how text/plain is > rendered. I did and do have deep misgivings about format=flowed; it treads dangerously close to the line and may indeed step a bit over it. But there's a huge difference between something that says "it is OK to wrap these lines for display" and something that says "Surprise! This is now structured material containing an elaborate security object that requires extensive processing in order to handle properly". The two cases really aren't at all comparable IMO. Ned From owner-ietf-openpgp@mail.imc.org Fri Jan 24 22:54:55 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA09441 for ; Fri, 24 Jan 2003 22:54:55 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0P3kre10027 for ietf-openpgp-bks; Fri, 24 Jan 2003 19:46:53 -0800 (PST) Received: from claude.jabberwocky.com (walrus.ne.client2.attbi.com [24.60.130.129]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0P3kqo10023 for ; Fri, 24 Jan 2003 19:46:52 -0800 (PST) Received: (from dshaw@localhost) by claude.jabberwocky.com (8.11.6/8.11.6) id h0P3knw29841 for ietf-openpgp@imc.org; Fri, 24 Jan 2003 22:46:49 -0500 Date: Fri, 24 Jan 2003 22:46:49 -0500 From: David Shaw To: ietf-openpgp@imc.org Subject: Re: Standardizing inline PGP for e-mail? Message-ID: <20030125034649.GC13174@jabberwocky.com> Mail-Followup-To: ietf-openpgp@imc.org References: <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <01KRMHLBX2FI002DEU@mauve.mrochek.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <01KRMHLBX2FI002DEU@mauve.mrochek.com> X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560 X-URL: http://www.jabberwocky.com/ X-Phase-Of-Moon: The Moon is Waning Gibbous (67% of Full) User-Agent: Mutt/1.5.2i Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: On Fri, Jan 24, 2003 at 07:17:09PM -0800, ned.freed@mrochek.com wrote: > > FWIW, there is a standards track precedence for Thomas' approach; the > > RFC 2646 format=flowed parameter that modifies how text/plain is > > rendered. > > I did and do have deep misgivings about format=flowed; it treads dangerously > close to the line and may indeed step a bit over it. But there's a huge > difference between something that says "it is OK to wrap these lines for > display" and something that says "Surprise! This is now structured material > containing an elaborate security object that requires extensive processing in > order to handle properly". I don't know if I'd go that far. Perhaps it is structured material, but does it matter? The client can perfectly legally just display it to the user completely untouched with no processing at all. The tag seems more like a processing hint to me, which can be ignored by the MUA. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From owner-ietf-openpgp@mail.imc.org Sat Jan 25 09:40:47 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA24746 for ; Sat, 25 Jan 2003 09:40:46 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0PE9OM24002 for ietf-openpgp-bks; Sat, 25 Jan 2003 06:09:24 -0800 (PST) Received: from gluggsi.fortytwo.ch (zux006-042-224.adsl.green.ch [81.6.42.224]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0PE9Mo23998 for ; Sat, 25 Jan 2003 06:09:22 -0800 (PST) Received: from altfrangg.fortytwo.ch (altfrangg.fortytwo.ch [192.168.1.17]) by gluggsi.fortytwo.ch (Postfix) with ESMTP id BCE937A48 for ; Sat, 25 Jan 2003 15:09:14 +0100 (CET) Received: by altfrangg.fortytwo.ch (Postfix, from userid 1000) id 0C2CC8BA5E; Sat, 25 Jan 2003 15:09:14 +0100 (CET) Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? From: "Adrian 'Dagurashibanipal' von Bidder" To: ietf-openpgp@imc.org In-Reply-To: <45210000.1043444131@socrates.cyrusoft.com> References: <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <01KRJCWNQOIK002DEU@mauve.mrochek.com> <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <20030122223754.GC26081@coruscant.does-not-exist.org> <20030122235431.GA28453@coruscant.does-not-exist.org> <20030123213537.GA13061@jabberwocky.com> <1043397070.855.25.camel@altfrangg.fortytwo.ch> <002601c2c3c2$d3e57fe0$f0c12609@transarc.ibm.com> <20030124170327.GN13174@jabberwocky.com> <004801c2c3d9$e3565280$f0c12609@transarc.ibm.com> <45210000.1043444131@socrates.cyrusoft.com> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-rDQ6as0TgwxSPCatqMD0" Message-Id: <1043503753.563.11.camel@altfrangg.fortytwo.ch> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.2.1 Date: 25 Jan 2003 15:09:13 +0100 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: --=-rDQ6as0TgwxSPCatqMD0 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Fre, 2003-01-24 at 22:35, Cyrus Daboo wrote: > One alternative, that may or not be as controversial as adding parameters= =20 > to Content-Type, would be to add a parameter to Content-Disposition=20 > instead, e.g.: Hmmm. While it's not so nice to access via IMAP, and it's conceptually not so elegant, why not add an extra header?=20 X-PGP-Data: clearsigned=20 or X-PGP-Data: encrypted We get + no MIME parser gets confused, situation will be no worse than it is now + many MUAs allow extra headers to be added to messages with little effort. So, people could use this even if their mailer doesn't. + same, for incoming mail: procmail and formail are your friends, so if your MUA supports this you can view (almost) all inline signed msgs - needs special casing in the MUA when parsing a message. But inline pgp needs special casing anyway, so it's probably still better than status quo. The idea to standardise to utf-8 may still be a good one, but I feel it's not necessary as long as both gpg and sending MUA have the same opinion of the charset used (and declare it, too). cheers -- vbi --=20 featured link: http://fortytwo.ch/gpg/subkeys --=-rDQ6as0TgwxSPCatqMD0 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: get my key from http://fortytwo.ch/gpg/92082481 iHMEABECADMFAj4ymoksGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h aWwuMjAwMjA4MjIACgkQi6Qxi+Wn99Z7EQCg6XrhD4YgTy5xc56ql5C7S7UCSdsA nR0USKaTwYjRxQpKBjb1PGxLr6+y =ADAm -----END PGP SIGNATURE----- Signature policy: http://fortytwo.ch/legal/gpg/email.20020822 --=-rDQ6as0TgwxSPCatqMD0-- From owner-ietf-openpgp@mail.imc.org Sat Jan 25 18:35:44 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA29638 for ; Sat, 25 Jan 2003 18:35:43 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0PNGfT06863 for ietf-openpgp-bks; Sat, 25 Jan 2003 15:16:41 -0800 (PST) Received: from mauve.mrochek.com (mauve.mrochek.com [209.55.107.55]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0PNGco06859 for ; Sat, 25 Jan 2003 15:16:38 -0800 (PST) Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01KRNDLW5ZQ8009UB3@mauve.mrochek.com> for ietf-openpgp@imc.org; Sat, 25 Jan 2003 15:16:36 -0800 (PST) Date: Sat, 25 Jan 2003 15:05:08 -0800 (PST) From: ned.freed@mrochek.com Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? In-reply-to: "Your message dated Fri, 24 Jan 2003 16:35:31 -0500" <45210000.1043444131@socrates.cyrusoft.com> To: Cyrus Daboo Cc: Michael Young , ietf-openpgp@imc.org Message-id: <01KRNNAB9NW2009UB3@mauve.mrochek.com> MIME-version: 1.0 Content-type: TEXT/PLAIN; CHARSET=us-ascii; format=flowed Content-transfer-encoding: 7BIT References: <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <01KRJCWNQOIK002DEU@mauve.mrochek.com> <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <20030122223754.GC26081@coruscant.does-not-exist.org> <20030122235431.GA28453@coruscant.does-not-exist.org> <20030123213537.GA13061@jabberwocky.com> <1043397070.855.25.camel@altfrangg.fortytwo.ch> <002601c2c3c2$d3e57fe0$f0c12609@transarc.ibm.com> <20030124170327.GN13174@jabberwocky.com> <004801c2c3d9$e3565280$f0c12609@transarc.ibm.com> <45210000.1043444131@socrates.cyrusoft.com> Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Content-Transfer-Encoding: 7BIT > Hi Michael, > --On Friday, January 24, 2003 01:53:29 PM -0500 Michael Young > wrote: > | The main reason we went down the subtype path was that Ned balked at > | using text/plain with extra tags. (Thomas suggested the tags to let > | in-the-know MUAs take automatic action, and Ned balked there, too.) > | Experimenting with subtypes was a fine idea, but it hasn't been a > | complete success. I'm happy to back off to text/plain, and I'm happy > | with the extra tags. > One alternative, that may or not be as controversial as adding parameters > to Content-Type, would be to add a parameter to Content-Disposition > instead, e.g.: > Content-Disposition: inline; signed=pgp This isn't what content-disposition parameters are for either: They are supposed to be used to elaborate on the chosen disposition, in a fashion similar to how media type parameters elaborate on the media type. Another approach would be to make this a new content-disposition, however, the default semantics of an unknown disposition (treat as attachment) are nowhere near as good as the default semantics for an unknown text subtype (show or offer to show the data to the user). There's also the issue that existing dispositions seem largely (but not entirely) orthogonal to whether or not the object is clearsigned. > This has the benefit of leaving Content-Type as-is, and its also easily > accessible to IMAP clients via the IMAP BODYSTRUCTURE response, removing > the need for such clients to retrieve individual MIME part headers, which > they would otherwise have to do if some X-Content header were used. The > argument against this is that this change may be against the original > design for Content-Disposition. It is not, however, something existing client dispatch mechanisms are likely to support. Support for dispatch based on media type is widely supported. > So there are five alternatives to choose from: > 1) Do nothing (actually promote better support/understanding for PGP/MIME) I note that several people appear to favor this approach. I certainly have no problem with this choice. > 2) Add a parameter to Content-Type I find this unacceptable for the multiple reasons I've already given. > 3) Use a different text subtype for Content-Type This is the approach I favor. > 4) Add a parameter to Content-Disposition This has many of the same problems as adding a new content type parameter. > 5) Add a new MIME part header Yuck. Ned From owner-ietf-openpgp@mail.imc.org Sat Jan 25 21:03:33 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA01307 for ; Sat, 25 Jan 2003 21:03:33 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0Q1oMi08503 for ietf-openpgp-bks; Sat, 25 Jan 2003 17:50:22 -0800 (PST) Received: from mauve.mrochek.com (mauve.mrochek.com [209.55.107.55]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0Q1oLo08499 for ; Sat, 25 Jan 2003 17:50:21 -0800 (PST) Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01KRNRYLD6LC002O3W@mauve.mrochek.com> for ietf-openpgp@imc.org; Sat, 25 Jan 2003 17:50:23 -0800 (PST) Date: Sat, 25 Jan 2003 17:41:56 -0800 (PST) From: ned.freed@mrochek.com Subject: Re: Standardizing inline PGP for e-mail? In-reply-to: "Your message dated Wed, 22 Jan 2003 23:37:54 +0100" <20030122223754.GC26081@coruscant.does-not-exist.org> To: Thomas Roessler Cc: Michael Young , ned.freed@mrochek.com, ietf-openpgp@imc.org Message-id: <01KRNSNYFHRS002O3W@mauve.mrochek.com> MIME-version: 1.0 Content-type: TEXT/PLAIN; CHARSET=us-ascii Content-transfer-encoding: 7BIT References: <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <01KRJCWNQOIK002DEU@mauve.mrochek.com> <20030122223754.GC26081@coruscant.does-not-exist.org> Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Content-Transfer-Encoding: 7BIT > On 2003-01-22 14:30:48 -0500, Michael Young wrote: > > This only seems useful if you convince *forward-looking* user > > agents to adopt it, for the benefit of those using naive user > > agents. That seems unlikely, as many of them have picked up on > > PGP/MIME, and would view this as a step backwards. But I'm happy > > for you to write it up. > Maybe I should explain the rationale somewhat more. First of all, > with mutt, we generally try to parse things as late as possible -- > scanning text/plain for signs of encrypted or signed material is an > action which explicitly has to be triggered by the user. From that > point of view, having a separate content type is certainly the thing > to do. > On the other hand, we had lots of complaints when we were using an > application/ content type for inline PGP messages (from those who > insisted in sending and receiving inline messages). So we were > looking for a way to generate inline messages which can (1) be > handled by users with pgp-agnostic user agents, and (2) be > recognized as PGP-messages early in the parsing process. A MIME > parameter for text/plain looked like an easy way to do this. The default handling rules for unknown application types are very different from those for unknown text subtypes. It seems to me that the default for text subtypes is more or less what you want. Of course not all user agents follow the rules for either one. But this will hold true for any trick you use. For example, there's a popular user agent that can fail in the presence of unexpected media type parameters. (Specifically, its an older agent used in Japan that's sensitive both to unknown parameters and parameter ordering, both entirely contrary to the MIME specification.) Another example is how the original deployment of MIME was hindered by the presence of agents that removed headers they did not recognize, such as content-type or content-transfer-encoding. There's a point where you have to say "enough" and move forward anyhow. The real question is where that point lies. Ned From owner-ietf-openpgp@mail.imc.org Mon Jan 27 11:38:35 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA19098 for ; Mon, 27 Jan 2003 11:38:35 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0RGJL117301 for ietf-openpgp-bks; Mon, 27 Jan 2003 08:19:21 -0800 (PST) Received: from smtp1.kodak.com (smtp1.kodak.com [192.232.121.200]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0RGJFo17288 for ; Mon, 27 Jan 2003 08:19:16 -0800 (PST) Received: from knotes.kodak.com (knotes2.ko.kodak.com [150.221.122.53]) by smtp1.kodak.com (8.11.3/8.11.1) with ESMTP id h0RGJGK29830 for ; Mon, 27 Jan 2003 11:19:16 -0500 (EST) To: ietf-openpgp@imc.org Subject: How about this? (Re: Standardizing inline PGP for e-mail?) X-Mailer: Lotus Notes Release 5.0.5 September 22, 2000 Message-ID: From: john.dlugosz@kodak.com Date: Mon, 27 Jan 2003 10:17:54 -0600 X-MIMETrack: Serialize by Router on KNOTES2/ISBP/EKC(Release 5.0.11 |July 24, 2002) at 01/27/2003 11:19:16 AM, Serialize complete at 01/27/2003 11:19:16 AM MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="=_alternative 005987B486256CBB_=" Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: This is a multipart message in MIME format. --=_alternative 005987B486256CBB_= Content-Type: text/plain; charset="us-ascii" How about this variation: Add an X-header to the message. Everybody not "in the know" will certainly ignore it. It serves the same purpose as the original proposal, allowing those that are "in the know" to decode the message automatically or otherwise take action without having to parse the body to discover the existance of inline PGP. If the purpose of this is to trigger automatic decoding, have something like X-PGP-autodecrypt: true also, a value of false can explicitly tell the MUA not to automatically decrypt. --John "Michael Young" Sent by: owner-ietf-openpgp@mail.imc.org 01/24/03 12:53 PM To: cc: Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 From: "David Shaw" > On Fri, Jan 24, 2003 at 11:08:25AM -0500, Michael Young wrote: > > David Shaw wrote: > > > I think in general that creating a new subtype of text to solve this ... > I think we've seen in this thread that the "lite" form is not > displayed at all in agents that don't support it. That's an overstatement. Several MUAs handled it just fine (and mutt is clearly going to be changed in the process, so it will also). (The only failure I saw was Outlook XP, but I may have missed something.) But, I missed that you were talking specifically about the subtype idea... > Thomas' original suggestion to use UTF8 encoding along with text/plain > works very nicely on several levels. First, it works without forcing > the MUA author to do anything. Second, in most cases even if MUA "A" > does it slightly wrong (say, not doing the UTF8), MUA "B" can still > handle it. It's simple. It works. Where is the problem? The main reason we went down the subtype path was that Ned balked at using text/plain with extra tags. (Thomas suggested the tags to let in-the-know MUAs take automatic action, and Ned balked there, too.) Experimenting with subtypes was a fine idea, but it hasn't been a complete success. I'm happy to back off to text/plain, and I'm happy with the extra tags. -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQA/AwUBPjGLmOc3iHYL8FknEQJ37ACghzrVLCZlW9gUpPafuY1/8GRObN4An112 t8VJroo4FslcDx/6bTVCw77+ =xHO7 -----END PGP SIGNATURE----- --=_alternative 005987B486256CBB_= Content-Type: text/html; charset="us-ascii"
How about this variation:

Add an X-header to the message.  Everybody not "in the know" will certainly ignore it.  It serves the same purpose as the original proposal, allowing those that are "in the know" to decode the message automatically or otherwise take action without having to parse the body to discover the existance of inline PGP.

If the purpose of this is to trigger automatic decoding, have something like
        X-PGP-autodecrypt: true

also, a value of false can explicitly tell the MUA not to automatically decrypt.

--John



"Michael Young" <mwy-opgp97@the-youngs.org>
Sent by: owner-ietf-openpgp@mail.imc.org

01/24/03 12:53 PM

       
        To:        <ietf-openpgp@imc.org>
        cc:        
        Subject:        Re: let's look...  Re: Standardizing inline PGP for e-mail?




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

From: "David Shaw" <dshaw@jabberwocky.com>
> On Fri, Jan 24, 2003 at 11:08:25AM -0500, Michael Young wrote:
> > David Shaw wrote:
> > > I think in general that creating a new subtype of text to solve this
...
> I think we've seen in this thread that the "lite" form is not
> displayed at all in agents that don't support it.

That's an overstatement.  Several MUAs handled it just fine (and
mutt is clearly going to be changed in the process, so it will also).
(The only failure I saw was Outlook XP, but I may have missed something.)

But, I missed that you were talking specifically about the subtype idea...

> Thomas' original suggestion to use UTF8 encoding along with text/plain
> works very nicely on several levels.  First, it works without forcing
> the MUA author to do anything.  Second, in most cases even if MUA "A"
> does it slightly wrong (say, not doing the UTF8), MUA "B" can still
> handle it.  It's simple.  It works.  Where is the problem?

The main reason we went down the subtype path was that Ned balked at
using text/plain with extra tags.  (Thomas suggested the tags to let
in-the-know MUAs take automatic action, and Ned balked there, too.)
Experimenting with subtypes was a fine idea, but it hasn't been a
complete success.  I'm happy to back off to text/plain, and I'm happy
with the extra tags.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQA/AwUBPjGLmOc3iHYL8FknEQJ37ACghzrVLCZlW9gUpPafuY1/8GRObN4An112
t8VJroo4FslcDx/6bTVCw77+
=xHO7
-----END PGP SIGNATURE-----

--=_alternative 005987B486256CBB_=-- From owner-ietf-openpgp@mail.imc.org Tue Jan 28 10:49:49 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA28778 for ; Tue, 28 Jan 2003 10:49:48 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0SFacc28874 for ietf-openpgp-bks; Tue, 28 Jan 2003 07:36:38 -0800 (PST) Received: from smtp3.hushmail.com (smtp3.hushmail.com [65.39.178.33]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0SFabo28866 for ; Tue, 28 Jan 2003 07:36:37 -0800 (PST) Received: from mailserver2.hushmail.com (mailserver2.hushmail.com [65.39.178.21]) by smtp3.hushmail.com (Postfix) with ESMTP id EBA476679 for ; Tue, 28 Jan 2003 07:36:31 -0800 (PST) Received: from mailserver2.hushmail.com (localhost.hushmail.com [127.0.0.1]) by mailserver2.hushmail.com (8.12.6/8.12.3) with ESMTP id h0SFaWsW027440 for ; Tue, 28 Jan 2003 07:36:32 -0800 (PST) (envelope-from vedaal@hush.com) Received: (from nobody@localhost) by mailserver2.hushmail.com (8.12.6/8.12.3/Submit) id h0SFaVFP027436 for ietf-openpgp@imc.org; Tue, 28 Jan 2003 07:36:31 -0800 (PST) Message-Id: <200301281536.h0SFaVFP027436@mailserver2.hushmail.com> Date: Tue, 28 Jan 2003 07:36:31 -0800 To: ietf-openpgp@imc.org Subject: Re: How about this? (Re: Standardizing inline PGP for e-mail?) From: vedaal@hush.com Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: On Mon, 27 Jan 2003 08:17:54 -0800 john.dlugosz@kodak.com wrote: >How about this variation: > >Add an X-header to the message. or possibly a simple generic solution {*if * it would work} on the user end, to just preface the pgp clearsigned message with: below is a clearsigned pgp message, and so, try to 'fool' the e-mail client that the message begins and ends with plain text. am including a test clearsigned message in-line below, followed by an end plaintext, -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 clearsigned test -----BEGIN PGP SIGNATURE----- Version: 6.5.8ckt http://www.ipgpp.com/ Comment: { Acts of Kindness better the World, and protect the Soul } Comment: KeyID: 0x6A05A0B785306D25 Comment: Fingerprint: 96A6 5F71 1C43 8423 D9AE 02FD A711 97BA iQEVAwUBPjagrWoFoLeFMG0lAQMvrgf+ImhWUHOQ/58lO/Z+rCxdVcwbLfadWPtN 5CXD3umdCl9RCvBOvWGEvQEWH+D9m7jJclqh/QYX6F+pv+pLreJZahGpUqNfk2HU GZm3avjWzUqGhOvvxf8cFwfjRDYS+UB9O5rpd4bkapqW7QaedwhQbNf8e0pNW3JQ euVvvvwhDeeR396oWo/Y7HwqTxRFNLfw2WuzCJw3iOhBzwMU6j7AdUgVLXvKh9/P ynSjv4dKIXWG293WstQuiMuGAv0GvArG3Eh6QLcjH5nw8P366jVmFTUYz4GlqoUW T3OFF6vjo0CdV19K9nXehVNVkq/FakPCBsrOtrUzj87XFoxZhbaaBQ== =EKur -----END PGP SIGNATURE----- this ends the pgp message test, vedaal Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 From owner-ietf-openpgp@mail.imc.org Fri Jan 31 15:20:27 2003 Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA17694 for ; Fri, 31 Jan 2003 15:20:26 -0500 (EST) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0VK1QK18541 for ietf-openpgp-bks; Fri, 31 Jan 2003 12:01:26 -0800 (PST) Received: from smtp3.hushmail.com (smtp3.hushmail.com [65.39.178.33]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0VK1Oo18535 for ; Fri, 31 Jan 2003 12:01:25 -0800 (PST) Received: from mailserver4.hushmail.com (mailserver4.hushmail.com [65.39.178.27]) by smtp3.hushmail.com (Postfix) with ESMTP id 5EF005D41 for ; Fri, 31 Jan 2003 12:01:20 -0800 (PST) Received: from mailserver4.hushmail.com (localhost [127.0.0.1]) by mailserver4.hushmail.com (8.12.6/8.12.3) with ESMTP id h0VK1I7d046946 for ; Fri, 31 Jan 2003 12:01:18 -0800 (PST) (envelope-from sbs@hush.ai) Received: (from nobody@localhost) by mailserver4.hushmail.com (8.12.6/8.12.3/Submit) id h0VK1H4n046918 for ietf-openpgp@imc.org; Fri, 31 Jan 2003 12:01:17 -0800 (PST) Message-Id: <200301312001.h0VK1H4n046918@mailserver4.hushmail.com> Date: Fri, 31 Jan 2003 12:01:16 -0800 To: ietf-openpgp@imc.org Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? From: "Brian Smith" Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: >no clearsigned messages verify in hushmail, >they do not even display the pgp headers, footers and signatures >unless the >'show actual message' display is checked, and even then, while it >does >display everything, it verifies as 'bad' HushMail will verify the clearsigned message if the public key corresponding to the signature has been uploaded to our keyserver. Otherwise it should just display "Certificates could not be found for some of the signatures on the message". That's the behavior that I get when I read the "let's look..." message. Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0VK1QK18541 for ietf-openpgp-bks; Fri, 31 Jan 2003 12:01:26 -0800 (PST) Received: from smtp3.hushmail.com (smtp3.hushmail.com [65.39.178.33]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0VK1Oo18535 for ; Fri, 31 Jan 2003 12:01:25 -0800 (PST) Received: from mailserver4.hushmail.com (mailserver4.hushmail.com [65.39.178.27]) by smtp3.hushmail.com (Postfix) with ESMTP id 5EF005D41 for ; Fri, 31 Jan 2003 12:01:20 -0800 (PST) Received: from mailserver4.hushmail.com (localhost [127.0.0.1]) by mailserver4.hushmail.com (8.12.6/8.12.3) with ESMTP id h0VK1I7d046946 for ; Fri, 31 Jan 2003 12:01:18 -0800 (PST) (envelope-from sbs@hush.ai) Received: (from nobody@localhost) by mailserver4.hushmail.com (8.12.6/8.12.3/Submit) id h0VK1H4n046918 for ietf-openpgp@imc.org; Fri, 31 Jan 2003 12:01:17 -0800 (PST) Message-Id: <200301312001.h0VK1H4n046918@mailserver4.hushmail.com> Date: Fri, 31 Jan 2003 12:01:16 -0800 To: ietf-openpgp@imc.org Cc: Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? From: "Brian Smith" Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: >no clearsigned messages verify in hushmail, >they do not even display the pgp headers, footers and signatures >unless the >'show actual message' display is checked, and even then, while it >does >display everything, it verifies as 'bad' HushMail will verify the clearsigned message if the public key corresponding to the signature has been uploaded to our keyserver. Otherwise it should just display "Certificates could not be found for some of the signatures on the message". That's the behavior that I get when I read the "let's look..." message. Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0SFacc28874 for ietf-openpgp-bks; Tue, 28 Jan 2003 07:36:38 -0800 (PST) Received: from smtp3.hushmail.com (smtp3.hushmail.com [65.39.178.33]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0SFabo28866 for ; Tue, 28 Jan 2003 07:36:37 -0800 (PST) Received: from mailserver2.hushmail.com (mailserver2.hushmail.com [65.39.178.21]) by smtp3.hushmail.com (Postfix) with ESMTP id EBA476679 for ; Tue, 28 Jan 2003 07:36:31 -0800 (PST) Received: from mailserver2.hushmail.com (localhost.hushmail.com [127.0.0.1]) by mailserver2.hushmail.com (8.12.6/8.12.3) with ESMTP id h0SFaWsW027440 for ; Tue, 28 Jan 2003 07:36:32 -0800 (PST) (envelope-from vedaal@hush.com) Received: (from nobody@localhost) by mailserver2.hushmail.com (8.12.6/8.12.3/Submit) id h0SFaVFP027436 for ietf-openpgp@imc.org; Tue, 28 Jan 2003 07:36:31 -0800 (PST) Message-Id: <200301281536.h0SFaVFP027436@mailserver2.hushmail.com> Date: Tue, 28 Jan 2003 07:36:31 -0800 To: ietf-openpgp@imc.org Cc: Subject: Re: How about this? (Re: Standardizing inline PGP for e-mail?) From: vedaal@hush.com Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: On Mon, 27 Jan 2003 08:17:54 -0800 john.dlugosz@kodak.com wrote: >How about this variation: > >Add an X-header to the message. or possibly a simple generic solution {*if * it would work} on the user end, to just preface the pgp clearsigned message with: below is a clearsigned pgp message, and so, try to 'fool' the e-mail client that the message begins and ends with plain text. am including a test clearsigned message in-line below, followed by an end plaintext, -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 clearsigned test -----BEGIN PGP SIGNATURE----- Version: 6.5.8ckt http://www.ipgpp.com/ Comment: { Acts of Kindness better the World, and protect the Soul } Comment: KeyID: 0x6A05A0B785306D25 Comment: Fingerprint: 96A6 5F71 1C43 8423 D9AE 02FD A711 97BA iQEVAwUBPjagrWoFoLeFMG0lAQMvrgf+ImhWUHOQ/58lO/Z+rCxdVcwbLfadWPtN 5CXD3umdCl9RCvBOvWGEvQEWH+D9m7jJclqh/QYX6F+pv+pLreJZahGpUqNfk2HU GZm3avjWzUqGhOvvxf8cFwfjRDYS+UB9O5rpd4bkapqW7QaedwhQbNf8e0pNW3JQ euVvvvwhDeeR396oWo/Y7HwqTxRFNLfw2WuzCJw3iOhBzwMU6j7AdUgVLXvKh9/P ynSjv4dKIXWG293WstQuiMuGAv0GvArG3Eh6QLcjH5nw8P366jVmFTUYz4GlqoUW T3OFF6vjo0CdV19K9nXehVNVkq/FakPCBsrOtrUzj87XFoxZhbaaBQ== =EKur -----END PGP SIGNATURE----- this ends the pgp message test, vedaal Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0RGJL117301 for ietf-openpgp-bks; Mon, 27 Jan 2003 08:19:21 -0800 (PST) Received: from smtp1.kodak.com (smtp1.kodak.com [192.232.121.200]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0RGJFo17288 for ; Mon, 27 Jan 2003 08:19:16 -0800 (PST) Received: from knotes.kodak.com (knotes2.ko.kodak.com [150.221.122.53]) by smtp1.kodak.com (8.11.3/8.11.1) with ESMTP id h0RGJGK29830 for ; Mon, 27 Jan 2003 11:19:16 -0500 (EST) To: ietf-openpgp@imc.org Subject: How about this? (Re: Standardizing inline PGP for e-mail?) X-Mailer: Lotus Notes Release 5.0.5 September 22, 2000 Message-ID: From: john.dlugosz@kodak.com Date: Mon, 27 Jan 2003 10:17:54 -0600 X-MIMETrack: Serialize by Router on KNOTES2/ISBP/EKC(Release 5.0.11 |July 24, 2002) at 01/27/2003 11:19:16 AM, Serialize complete at 01/27/2003 11:19:16 AM MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="=_alternative 005987B486256CBB_=" Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: This is a multipart message in MIME format. --=_alternative 005987B486256CBB_= Content-Type: text/plain; charset="us-ascii" How about this variation: Add an X-header to the message. Everybody not "in the know" will certainly ignore it. It serves the same purpose as the original proposal, allowing those that are "in the know" to decode the message automatically or otherwise take action without having to parse the body to discover the existance of inline PGP. If the purpose of this is to trigger automatic decoding, have something like X-PGP-autodecrypt: true also, a value of false can explicitly tell the MUA not to automatically decrypt. --John "Michael Young" Sent by: owner-ietf-openpgp@mail.imc.org 01/24/03 12:53 PM To: cc: Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 From: "David Shaw" > On Fri, Jan 24, 2003 at 11:08:25AM -0500, Michael Young wrote: > > David Shaw wrote: > > > I think in general that creating a new subtype of text to solve this ... > I think we've seen in this thread that the "lite" form is not > displayed at all in agents that don't support it. That's an overstatement. Several MUAs handled it just fine (and mutt is clearly going to be changed in the process, so it will also). (The only failure I saw was Outlook XP, but I may have missed something.) But, I missed that you were talking specifically about the subtype idea... > Thomas' original suggestion to use UTF8 encoding along with text/plain > works very nicely on several levels. First, it works without forcing > the MUA author to do anything. Second, in most cases even if MUA "A" > does it slightly wrong (say, not doing the UTF8), MUA "B" can still > handle it. It's simple. It works. Where is the problem? The main reason we went down the subtype path was that Ned balked at using text/plain with extra tags. (Thomas suggested the tags to let in-the-know MUAs take automatic action, and Ned balked there, too.) Experimenting with subtypes was a fine idea, but it hasn't been a complete success. I'm happy to back off to text/plain, and I'm happy with the extra tags. -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQA/AwUBPjGLmOc3iHYL8FknEQJ37ACghzrVLCZlW9gUpPafuY1/8GRObN4An112 t8VJroo4FslcDx/6bTVCw77+ =xHO7 -----END PGP SIGNATURE----- --=_alternative 005987B486256CBB_= Content-Type: text/html; charset="us-ascii"
How about this variation:

Add an X-header to the message.  Everybody not "in the know" will certainly ignore it.  It serves the same purpose as the original proposal, allowing those that are "in the know" to decode the message automatically or otherwise take action without having to parse the body to discover the existance of inline PGP.

If the purpose of this is to trigger automatic decoding, have something like
        X-PGP-autodecrypt: true

also, a value of false can explicitly tell the MUA not to automatically decrypt.

--John



"Michael Young" <mwy-opgp97@the-youngs.org>
Sent by: owner-ietf-openpgp@mail.imc.org

01/24/03 12:53 PM

       
        To:        <ietf-openpgp@imc.org>
        cc:        
        Subject:        Re: let's look...  Re: Standardizing inline PGP for e-mail?




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

From: "David Shaw" <dshaw@jabberwocky.com>
> On Fri, Jan 24, 2003 at 11:08:25AM -0500, Michael Young wrote:
> > David Shaw wrote:
> > > I think in general that creating a new subtype of text to solve this
...
> I think we've seen in this thread that the "lite" form is not
> displayed at all in agents that don't support it.

That's an overstatement.  Several MUAs handled it just fine (and
mutt is clearly going to be changed in the process, so it will also).
(The only failure I saw was Outlook XP, but I may have missed something.)

But, I missed that you were talking specifically about the subtype idea...

> Thomas' original suggestion to use UTF8 encoding along with text/plain
> works very nicely on several levels.  First, it works without forcing
> the MUA author to do anything.  Second, in most cases even if MUA "A"
> does it slightly wrong (say, not doing the UTF8), MUA "B" can still
> handle it.  It's simple.  It works.  Where is the problem?

The main reason we went down the subtype path was that Ned balked at
using text/plain with extra tags.  (Thomas suggested the tags to let
in-the-know MUAs take automatic action, and Ned balked there, too.)
Experimenting with subtypes was a fine idea, but it hasn't been a
complete success.  I'm happy to back off to text/plain, and I'm happy
with the extra tags.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQA/AwUBPjGLmOc3iHYL8FknEQJ37ACghzrVLCZlW9gUpPafuY1/8GRObN4An112
t8VJroo4FslcDx/6bTVCw77+
=xHO7
-----END PGP SIGNATURE-----

--=_alternative 005987B486256CBB_=-- Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0Q1oMi08503 for ietf-openpgp-bks; Sat, 25 Jan 2003 17:50:22 -0800 (PST) Received: from mauve.mrochek.com (mauve.mrochek.com [209.55.107.55]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0Q1oLo08499 for ; Sat, 25 Jan 2003 17:50:21 -0800 (PST) Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01KRNRYLD6LC002O3W@mauve.mrochek.com> for ietf-openpgp@imc.org; Sat, 25 Jan 2003 17:50:23 -0800 (PST) Date: Sat, 25 Jan 2003 17:41:56 -0800 (PST) From: ned.freed@mrochek.com Subject: Re: Standardizing inline PGP for e-mail? In-reply-to: "Your message dated Wed, 22 Jan 2003 23:37:54 +0100" <20030122223754.GC26081@coruscant.does-not-exist.org> To: Thomas Roessler Cc: Michael Young , ned.freed@mrochek.com, ietf-openpgp@imc.org Message-id: <01KRNSNYFHRS002O3W@mauve.mrochek.com> MIME-version: 1.0 Content-type: TEXT/PLAIN; CHARSET=us-ascii Content-transfer-encoding: 7BIT References: <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <01KRJCWNQOIK002DEU@mauve.mrochek.com> <20030122223754.GC26081@coruscant.does-not-exist.org> Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: > On 2003-01-22 14:30:48 -0500, Michael Young wrote: > > This only seems useful if you convince *forward-looking* user > > agents to adopt it, for the benefit of those using naive user > > agents. That seems unlikely, as many of them have picked up on > > PGP/MIME, and would view this as a step backwards. But I'm happy > > for you to write it up. > Maybe I should explain the rationale somewhat more. First of all, > with mutt, we generally try to parse things as late as possible -- > scanning text/plain for signs of encrypted or signed material is an > action which explicitly has to be triggered by the user. From that > point of view, having a separate content type is certainly the thing > to do. > On the other hand, we had lots of complaints when we were using an > application/ content type for inline PGP messages (from those who > insisted in sending and receiving inline messages). So we were > looking for a way to generate inline messages which can (1) be > handled by users with pgp-agnostic user agents, and (2) be > recognized as PGP-messages early in the parsing process. A MIME > parameter for text/plain looked like an easy way to do this. The default handling rules for unknown application types are very different from those for unknown text subtypes. It seems to me that the default for text subtypes is more or less what you want. Of course not all user agents follow the rules for either one. But this will hold true for any trick you use. For example, there's a popular user agent that can fail in the presence of unexpected media type parameters. (Specifically, its an older agent used in Japan that's sensitive both to unknown parameters and parameter ordering, both entirely contrary to the MIME specification.) Another example is how the original deployment of MIME was hindered by the presence of agents that removed headers they did not recognize, such as content-type or content-transfer-encoding. There's a point where you have to say "enough" and move forward anyhow. The real question is where that point lies. Ned Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0PNGfT06863 for ietf-openpgp-bks; Sat, 25 Jan 2003 15:16:41 -0800 (PST) Received: from mauve.mrochek.com (mauve.mrochek.com [209.55.107.55]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0PNGco06859 for ; Sat, 25 Jan 2003 15:16:38 -0800 (PST) Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01KRNDLW5ZQ8009UB3@mauve.mrochek.com> for ietf-openpgp@imc.org; Sat, 25 Jan 2003 15:16:36 -0800 (PST) Date: Sat, 25 Jan 2003 15:05:08 -0800 (PST) From: ned.freed@mrochek.com Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? In-reply-to: "Your message dated Fri, 24 Jan 2003 16:35:31 -0500" <45210000.1043444131@socrates.cyrusoft.com> To: Cyrus Daboo Cc: Michael Young , ietf-openpgp@imc.org Message-id: <01KRNNAB9NW2009UB3@mauve.mrochek.com> MIME-version: 1.0 Content-type: TEXT/PLAIN; CHARSET=us-ascii; format=flowed Content-transfer-encoding: 7BIT References: <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <01KRJCWNQOIK002DEU@mauve.mrochek.com> <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <20030122223754.GC26081@coruscant.does-not-exist.org> <20030122235431.GA28453@coruscant.does-not-exist.org> <20030123213537.GA13061@jabberwocky.com> <1043397070.855.25.camel@altfrangg.fortytwo.ch> <002601c2c3c2$d3e57fe0$f0c12609@transarc.ibm.com> <20030124170327.GN13174@jabberwocky.com> <004801c2c3d9$e3565280$f0c12609@transarc.ibm.com> <45210000.1043444131@socrates.cyrusoft.com> Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: > Hi Michael, > --On Friday, January 24, 2003 01:53:29 PM -0500 Michael Young > wrote: > | The main reason we went down the subtype path was that Ned balked at > | using text/plain with extra tags. (Thomas suggested the tags to let > | in-the-know MUAs take automatic action, and Ned balked there, too.) > | Experimenting with subtypes was a fine idea, but it hasn't been a > | complete success. I'm happy to back off to text/plain, and I'm happy > | with the extra tags. > One alternative, that may or not be as controversial as adding parameters > to Content-Type, would be to add a parameter to Content-Disposition > instead, e.g.: > Content-Disposition: inline; signed=pgp This isn't what content-disposition parameters are for either: They are supposed to be used to elaborate on the chosen disposition, in a fashion similar to how media type parameters elaborate on the media type. Another approach would be to make this a new content-disposition, however, the default semantics of an unknown disposition (treat as attachment) are nowhere near as good as the default semantics for an unknown text subtype (show or offer to show the data to the user). There's also the issue that existing dispositions seem largely (but not entirely) orthogonal to whether or not the object is clearsigned. > This has the benefit of leaving Content-Type as-is, and its also easily > accessible to IMAP clients via the IMAP BODYSTRUCTURE response, removing > the need for such clients to retrieve individual MIME part headers, which > they would otherwise have to do if some X-Content header were used. The > argument against this is that this change may be against the original > design for Content-Disposition. It is not, however, something existing client dispatch mechanisms are likely to support. Support for dispatch based on media type is widely supported. > So there are five alternatives to choose from: > 1) Do nothing (actually promote better support/understanding for PGP/MIME) I note that several people appear to favor this approach. I certainly have no problem with this choice. > 2) Add a parameter to Content-Type I find this unacceptable for the multiple reasons I've already given. > 3) Use a different text subtype for Content-Type This is the approach I favor. > 4) Add a parameter to Content-Disposition This has many of the same problems as adding a new content type parameter. > 5) Add a new MIME part header Yuck. Ned Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0PE9OM24002 for ietf-openpgp-bks; Sat, 25 Jan 2003 06:09:24 -0800 (PST) Received: from gluggsi.fortytwo.ch (zux006-042-224.adsl.green.ch [81.6.42.224]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0PE9Mo23998 for ; Sat, 25 Jan 2003 06:09:22 -0800 (PST) Received: from altfrangg.fortytwo.ch (altfrangg.fortytwo.ch [192.168.1.17]) by gluggsi.fortytwo.ch (Postfix) with ESMTP id BCE937A48 for ; Sat, 25 Jan 2003 15:09:14 +0100 (CET) Received: by altfrangg.fortytwo.ch (Postfix, from userid 1000) id 0C2CC8BA5E; Sat, 25 Jan 2003 15:09:14 +0100 (CET) Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? From: "Adrian 'Dagurashibanipal' von Bidder" To: ietf-openpgp@imc.org In-Reply-To: <45210000.1043444131@socrates.cyrusoft.com> References: <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <01KRJCWNQOIK002DEU@mauve.mrochek.com> <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <20030122223754.GC26081@coruscant.does-not-exist.org> <20030122235431.GA28453@coruscant.does-not-exist.org> <20030123213537.GA13061@jabberwocky.com> <1043397070.855.25.camel@altfrangg.fortytwo.ch> <002601c2c3c2$d3e57fe0$f0c12609@transarc.ibm.com> <20030124170327.GN13174@jabberwocky.com> <004801c2c3d9$e3565280$f0c12609@transarc.ibm.com> <45210000.1043444131@socrates.cyrusoft.com> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-rDQ6as0TgwxSPCatqMD0" Organization: Message-Id: <1043503753.563.11.camel@altfrangg.fortytwo.ch> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.2.1 Date: 25 Jan 2003 15:09:13 +0100 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: --=-rDQ6as0TgwxSPCatqMD0 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Fre, 2003-01-24 at 22:35, Cyrus Daboo wrote: > One alternative, that may or not be as controversial as adding parameters= =20 > to Content-Type, would be to add a parameter to Content-Disposition=20 > instead, e.g.: Hmmm. While it's not so nice to access via IMAP, and it's conceptually not so elegant, why not add an extra header?=20 X-PGP-Data: clearsigned=20 or X-PGP-Data: encrypted We get + no MIME parser gets confused, situation will be no worse than it is now + many MUAs allow extra headers to be added to messages with little effort. So, people could use this even if their mailer doesn't. + same, for incoming mail: procmail and formail are your friends, so if your MUA supports this you can view (almost) all inline signed msgs - needs special casing in the MUA when parsing a message. But inline pgp needs special casing anyway, so it's probably still better than status quo. The idea to standardise to utf-8 may still be a good one, but I feel it's not necessary as long as both gpg and sending MUA have the same opinion of the charset used (and declare it, too). cheers -- vbi --=20 featured link: http://fortytwo.ch/gpg/subkeys --=-rDQ6as0TgwxSPCatqMD0 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: get my key from http://fortytwo.ch/gpg/92082481 iHMEABECADMFAj4ymoksGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h aWwuMjAwMjA4MjIACgkQi6Qxi+Wn99Z7EQCg6XrhD4YgTy5xc56ql5C7S7UCSdsA nR0USKaTwYjRxQpKBjb1PGxLr6+y =ADAm -----END PGP SIGNATURE----- Signature policy: http://fortytwo.ch/legal/gpg/email.20020822 --=-rDQ6as0TgwxSPCatqMD0-- Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0P3kre10027 for ietf-openpgp-bks; Fri, 24 Jan 2003 19:46:53 -0800 (PST) Received: from claude.jabberwocky.com (walrus.ne.client2.attbi.com [24.60.130.129]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0P3kqo10023 for ; Fri, 24 Jan 2003 19:46:52 -0800 (PST) Received: (from dshaw@localhost) by claude.jabberwocky.com (8.11.6/8.11.6) id h0P3knw29841 for ietf-openpgp@imc.org; Fri, 24 Jan 2003 22:46:49 -0500 Date: Fri, 24 Jan 2003 22:46:49 -0500 From: David Shaw To: ietf-openpgp@imc.org Subject: Re: Standardizing inline PGP for e-mail? Message-ID: <20030125034649.GC13174@jabberwocky.com> Mail-Followup-To: ietf-openpgp@imc.org References: <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <01KRMHLBX2FI002DEU@mauve.mrochek.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <01KRMHLBX2FI002DEU@mauve.mrochek.com> X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560 X-URL: http://www.jabberwocky.com/ X-Phase-Of-Moon: The Moon is Waning Gibbous (67% of Full) User-Agent: Mutt/1.5.2i Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: On Fri, Jan 24, 2003 at 07:17:09PM -0800, ned.freed@mrochek.com wrote: > > FWIW, there is a standards track precedence for Thomas' approach; the > > RFC 2646 format=flowed parameter that modifies how text/plain is > > rendered. > > I did and do have deep misgivings about format=flowed; it treads dangerously > close to the line and may indeed step a bit over it. But there's a huge > difference between something that says "it is OK to wrap these lines for > display" and something that says "Surprise! This is now structured material > containing an elaborate security object that requires extensive processing in > order to handle properly". I don't know if I'd go that far. Perhaps it is structured material, but does it matter? The client can perfectly legally just display it to the user completely untouched with no processing at all. The tag seems more like a processing hint to me, which can be ignored by the MUA. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0P3N5W09326 for ietf-openpgp-bks; Fri, 24 Jan 2003 19:23:05 -0800 (PST) Received: from mauve.mrochek.com (mauve.mrochek.com [209.55.107.55]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0P3Mwo09314 for ; Fri, 24 Jan 2003 19:22:58 -0800 (PST) Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01KRMFC01JCW002DEU@mauve.mrochek.com> for ietf-openpgp@imc.org; Fri, 24 Jan 2003 19:22:55 -0800 (PST) Date: Fri, 24 Jan 2003 19:17:09 -0800 (PST) From: ned.freed@mrochek.com Subject: Re: Standardizing inline PGP for e-mail? In-reply-to: "Your message dated Thu, 23 Jan 2003 14:41:36 +0100" To: Simon Josefsson Cc: ned.freed@mrochek.com, Thomas Roessler , ietf-openpgp@imc.org Message-id: <01KRMHLBX2FI002DEU@mauve.mrochek.com> MIME-version: 1.0 Content-type: TEXT/PLAIN; CHARSET=us-ascii Content-transfer-encoding: 7BIT References: <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: > ned.freed@mrochek.com writes: > >> It seems like inline PGP messages just can't be eradicated, despite > >> all the PGP/MIME we have. I'm wondering if it would be reasonable > >> to produce an RFC on (1) how to tag this on the MIME level, and (2) > >> how to avoid character set problems. > > > >> Here's the simple proposal (in rough words), as currently > >> implemented in the Mutt mail user agent. > > > >> 1. Inline PGP messages use text/plain as their MIME type. Inline > >> PGP material is announced in an additional MIME parameter (we call > >> it x-action right now), which can take the values "pgp-encrypt", > >> "pgp-sign". > > > > Such usage clearly violates RFC 2046 section 4.1.3, which states > > that text/plain is intended for material that isn't formatted in any way: > > > > Plain text is intended to be displayed "as-is", that is, no interpretation of > > embedded formatting commands, font attribute specifications, processing > > instructions, interpretation directives, or content markup should be necessary > > for proper display > > > > It also violates the intended use of media type parameters, which are supposed > > to qualify the format being used rather than identifying it. Format > > identification is supposed to be done by the media type. > FWIW, there is a standards track precedence for Thomas' approach; the > RFC 2646 format=flowed parameter that modifies how text/plain is > rendered. I did and do have deep misgivings about format=flowed; it treads dangerously close to the line and may indeed step a bit over it. But there's a huge difference between something that says "it is OK to wrap these lines for display" and something that says "Surprise! This is now structured material containing an elaborate security object that requires extensive processing in order to handle properly". The two cases really aren't at all comparable IMO. Ned Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0ONiYR03968 for ietf-openpgp-bks; Fri, 24 Jan 2003 15:44:34 -0800 (PST) Received: from mail.uni-bielefeld.de (IDENT:72@mail2.uni-bielefeld.de [129.70.4.90]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0ONiWo03959 for ; Fri, 24 Jan 2003 15:44:32 -0800 (PST) Received: from 192.168.0.17 (ppp36-226.hrz.uni-bielefeld.de [129.70.36.226]) by mail.uni-bielefeld.de (Sun Internet Mail Server sims.4.0.2000.10.12.16.25.p8) with ESMTP id <0H98009QGSM557@mail.uni-bielefeld.de> for ietf-openpgp@imc.org; Sat, 25 Jan 2003 00:44:31 +0100 (MET) Date: Fri, 24 Jan 2003 23:53:42 +0100 From: Marc Mutz Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? In-reply-to: <20030122235431.GA28453@coruscant.does-not-exist.org> To: ietf-openpgp@imc.org Message-id: <200301242353.56541@sendmail.mutz.com> Organization: KDE MIME-version: 1.0 Content-type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Boundary-02=_EQcM+Gzft5cr8/P"; charset="us-ascii" Content-transfer-encoding: 7bit User-Agent: KMail/1.5.9 X-PGP-Key: 0xBDBFE838 References: <20030122152135.GA17189@coruscant.does-not-exist.org> <20030122223754.GC26081@coruscant.does-not-exist.org> <20030122235431.GA28453@coruscant.does-not-exist.org> Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: --Boundary-02=_EQcM+Gzft5cr8/P Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Content-Description: signed data Content-Disposition: inline On Thursday 23 January 2003 00:54, Thomas Roessler wrote: > This message contains inline PGP material tagged as text/x-pgp. KMail (1.5.x) displays it as if it was t/p. Marc =2D-=20 It's good fortune for the government that the masses don't think. -- Adolf Hitler --Boundary-02=_EQcM+Gzft5cr8/P Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQA+McQE3oWD+L2/6DgRArosAKCiOo5eQ+FvfF7CT5iIChX33RVM+wCeKNX8 oB5eQAeQxod9lOejFhSWSY0= =7ifL -----END PGP SIGNATURE----- --Boundary-02=_EQcM+Gzft5cr8/P-- Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0ONiYU03969 for ietf-openpgp-bks; Fri, 24 Jan 2003 15:44:34 -0800 (PST) Received: from mail.uni-bielefeld.de (IDENT:72@mail2.uni-bielefeld.de [129.70.4.90]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0ONiWo03960 for ; Fri, 24 Jan 2003 15:44:32 -0800 (PST) Received: from 192.168.0.17 (ppp36-226.hrz.uni-bielefeld.de [129.70.36.226]) by mail.uni-bielefeld.de (Sun Internet Mail Server sims.4.0.2000.10.12.16.25.p8) with ESMTP id <0H98009QGSM557@mail.uni-bielefeld.de> for ietf-openpgp@imc.org; Sat, 25 Jan 2003 00:44:32 +0100 (MET) Date: Sat, 25 Jan 2003 00:00:56 +0100 From: Marc Mutz Subject: Re: Standardizing inline PGP for e-mail? In-reply-to: <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> To: ietf-openpgp@imc.org Message-id: <200301250000.56934@sendmail.mutz.com> Organization: KDE MIME-version: 1.0 Content-type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Boundary-02=_oWcM+83vJe590gE"; charset="iso-8859-1" Content-transfer-encoding: 7bit User-Agent: KMail/1.5.9 X-PGP-Key: 0xBDBFE838 References: <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: --Boundary-02=_oWcM+83vJe590gE Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Description: signed data Content-Disposition: inline On Wednesday 22 January 2003 20:30, Michael Young wrote: > > Sounds fine, but it begs the question of why, if you're going to > > introduce a major operationaal change to how PGP signs things, you > > don't just change to generating multipart/signed. > (I also wouldn't call this an operational change to how PGP signs > things -- the actual signing doesn't change. We're simply talking > about the MIME wrapping done by the mail user agent.) It _is_ an operational change, since the "pre-draft" proposes to label=20 utf-8 data with us-ascii. MUAs will not be prepared to decode UTF-8=20 when the Content-Type says "us-ascii"... Marc =2D-=20 They [RIAA,MPAA] are trying to invent a new crime: interference with a business model. --Bruce Schneier, Crypto-Gram 08/2002 --Boundary-02=_oWcM+83vJe590gE Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQA+McWo3oWD+L2/6DgRAg3JAJ9G1EKiC5Z3rlxgXAri9DedaJZdDwCeMsz0 OTAqM7xheyraEMMFUN8M2CY= =gJ6+ -----END PGP SIGNATURE----- --Boundary-02=_oWcM+83vJe590gE-- Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0OLZa200796 for ietf-openpgp-bks; Fri, 24 Jan 2003 13:35:36 -0800 (PST) Received: from darius.cyrusoft.com (darius.cyrusoft.com [63.163.82.2]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0OLZZo00792 for ; Fri, 24 Jan 2003 13:35:35 -0800 (PST) Received: from socrates.cyrusoft.com (localhost [127.0.0.1]) by darius.cyrusoft.com (8.9.3/8.9.3) with ESMTP id QAA13740; Fri, 24 Jan 2003 16:32:16 -0500 (EST) Date: Fri, 24 Jan 2003 16:35:31 -0500 From: Cyrus Daboo To: Michael Young , ietf-openpgp@imc.org Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? Message-ID: <45210000.1043444131@socrates.cyrusoft.com> In-Reply-To: <004801c2c3d9$e3565280$f0c12609@transarc.ibm.com> References: <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <01KRJCWNQOIK002DEU@mauve.mrochek.com> <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <20030122223754.GC26081@coruscant.does-not-exist.org> <20030122235431.GA28453@coruscant.does-not-exist.org> <20030123213537.GA13061@jabberwocky.com> <1043397070.855.25.camel@altfrangg.fortytwo.ch> <002601c2c3c2$d3e57fe0$f0c12609@transarc.ibm.com> <20030124170327.GN13174@jabberwocky.com> <004801c2c3d9$e3565280$f0c12609@transarc.ibm.com> X-Mailer: Mulberry/3.0.0b12 (Linux/PPC) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Hi Michael, --On Friday, January 24, 2003 01:53:29 PM -0500 Michael Young wrote: | The main reason we went down the subtype path was that Ned balked at | using text/plain with extra tags. (Thomas suggested the tags to let | in-the-know MUAs take automatic action, and Ned balked there, too.) | Experimenting with subtypes was a fine idea, but it hasn't been a | complete success. I'm happy to back off to text/plain, and I'm happy | with the extra tags. One alternative, that may or not be as controversial as adding parameters to Content-Type, would be to add a parameter to Content-Disposition instead, e.g.: Content-Disposition: inline; signed=pgp This has the benefit of leaving Content-Type as-is, and its also easily accessible to IMAP clients via the IMAP BODYSTRUCTURE response, removing the need for such clients to retrieve individual MIME part headers, which they would otherwise have to do if some X-Content header were used. The argument against this is that this change may be against the original design for Content-Disposition. So there are five alternatives to choose from: 1) Do nothing (actually promote better support/understanding for PGP/MIME) 2) Add a parameter to Content-Type 3) Use a different text subtype for Content-Type 4) Add a parameter to Content-Disposition 5) Add a new MIME part header -- Cyrus Daboo Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0OIskl24707 for ietf-openpgp-bks; Fri, 24 Jan 2003 10:54:46 -0800 (PST) Received: from xfw.transarc.ibm.com (xfw.transarc.ibm.com [192.54.226.51]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0OIsio24703 for ; Fri, 24 Jan 2003 10:54:45 -0800 (PST) Received: from mailhost.transarc.ibm.com (mailhost.transarc.ibm.com [9.38.192.124]) by xfw.transarc.ibm.com (AIX4.3/UCB 8.7/8.7) with ESMTP id NAA61256 for ; Fri, 24 Jan 2003 13:39:26 -0500 (EST) Received: from mwyoung (dhcp-193-40.transarc.ibm.com [9.38.193.240]) by mailhost.transarc.ibm.com (8.8.0/8.8.0) with SMTP id NAA13823 for ; Fri, 24 Jan 2003 13:54:41 -0500 (EST) Message-ID: <004801c2c3d9$e3565280$f0c12609@transarc.ibm.com> From: "Michael Young" To: References: <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <01KRJCWNQOIK002DEU@mauve.mrochek.com> <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <20030122223754.GC26081@coruscant.does-not-exist.org> <20030122235431.GA28453@coruscant.does-not-exist.org> <20030123213537.GA13061@jabberwocky.com> <1043397070.855.25.camel@altfrangg.fortytwo.ch> <002601c2c3c2$d3e57fe0$f0c12609@transarc.ibm.com> <20030124170327.GN13174@jabberwocky.com> Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? Date: Fri, 24 Jan 2003 13:53:29 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 From: "David Shaw" > On Fri, Jan 24, 2003 at 11:08:25AM -0500, Michael Young wrote: > > David Shaw wrote: > > > I think in general that creating a new subtype of text to solve this ... > I think we've seen in this thread that the "lite" form is not > displayed at all in agents that don't support it. That's an overstatement. Several MUAs handled it just fine (and mutt is clearly going to be changed in the process, so it will also). (The only failure I saw was Outlook XP, but I may have missed something.) But, I missed that you were talking specifically about the subtype idea... > Thomas' original suggestion to use UTF8 encoding along with text/plain > works very nicely on several levels. First, it works without forcing > the MUA author to do anything. Second, in most cases even if MUA "A" > does it slightly wrong (say, not doing the UTF8), MUA "B" can still > handle it. It's simple. It works. Where is the problem? The main reason we went down the subtype path was that Ned balked at using text/plain with extra tags. (Thomas suggested the tags to let in-the-know MUAs take automatic action, and Ned balked there, too.) Experimenting with subtypes was a fine idea, but it hasn't been a complete success. I'm happy to back off to text/plain, and I'm happy with the extra tags. -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQA/AwUBPjGLmOc3iHYL8FknEQJ37ACghzrVLCZlW9gUpPafuY1/8GRObN4An112 t8VJroo4FslcDx/6bTVCw77+ =xHO7 -----END PGP SIGNATURE----- Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0OHgi720338 for ietf-openpgp-bks; Fri, 24 Jan 2003 09:42:44 -0800 (PST) Received: from thetis.deor.org (thetis.deor.org [207.106.86.210]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0OHggo20334 for ; Fri, 24 Jan 2003 09:42:42 -0800 (PST) Received: by thetis.deor.org (Postfix, from userid 500) id D4D584517D; Fri, 24 Jan 2003 09:42:42 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by thetis.deor.org (Postfix) with ESMTP id BED0B48025; Fri, 24 Jan 2003 09:42:42 -0800 (PST) Date: Fri, 24 Jan 2003 09:42:42 -0800 (PST) From: Len Sassaman X-Sender: To: Thomas Roessler Cc: Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? In-Reply-To: <20030122235431.GA28453@coruscant.does-not-exist.org> Message-ID: X-AIM: Elom777 X-icq: 10735603 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: On Thu, 23 Jan 2003, Thomas Roessler wrote: > > Thanks for that suggestion. Will look into it. > > This message contains inline PGP material tagged as text/x-pgp. I'd > be curious to learn what kind of behaviour this causes. In > particular, are those whose user agents aren't prepared to handle > PGP by default able to display the "raw" clearsigned material > without problems? This works just fine with pine/pgpenvelope (which gives enormous headaches with PGP/MIME or application/pgp). Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0OH3W617285 for ietf-openpgp-bks; Fri, 24 Jan 2003 09:03:32 -0800 (PST) Received: from claude.jabberwocky.com (walrus.ne.client2.attbi.com [24.60.130.129]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0OH3Vo17281 for ; Fri, 24 Jan 2003 09:03:31 -0800 (PST) Received: (from dshaw@localhost) by claude.jabberwocky.com (8.11.6/8.11.6) id h0OH3Rn23853 for ietf-openpgp@imc.org; Fri, 24 Jan 2003 12:03:27 -0500 Date: Fri, 24 Jan 2003 12:03:27 -0500 From: David Shaw To: ietf-openpgp@imc.org Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? Message-ID: <20030124170327.GN13174@jabberwocky.com> Mail-Followup-To: ietf-openpgp@imc.org References: <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <01KRJCWNQOIK002DEU@mauve.mrochek.com> <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <20030122223754.GC26081@coruscant.does-not-exist.org> <20030122235431.GA28453@coruscant.does-not-exist.org> <20030123213537.GA13061@jabberwocky.com> <1043397070.855.25.camel@altfrangg.fortytwo.ch> <002601c2c3c2$d3e57fe0$f0c12609@transarc.ibm.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <002601c2c3c2$d3e57fe0$f0c12609@transarc.ibm.com> X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560 X-URL: http://www.jabberwocky.com/ X-Phase-Of-Moon: The Moon is Waning Gibbous (67% of Full) User-Agent: Mutt/1.5.2i Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: On Fri, Jan 24, 2003 at 11:08:25AM -0500, Michael Young wrote: > David Shaw wrote: > > I think in general that creating a new subtype of text to solve this > > problem is a non-starter. Part of the original problem was that not > > enough mailers supported PGP/MIME (or indeed, MIME in general) > > sufficiently well. I suspect that using a new subtype will eventually > > end up as "PGP/MIME lite" and will similarly not be supported. > > The point is that the "lite" form is displayed reasonably even in > agents that don't "support" it. They show it as text. When > confronted with multipart/signed, some agents display the pieces > as attachments or not at all; this makes reading the text painful, > and verifying the signature manually even more so. I think we've seen in this thread that the "lite" form is not displayed at all in agents that don't support it. There will always be some email client that can't handle the new content-type. One of the main complaints about PGP/MIME is that it does not degrade well, and this has the same problem. Even mutt, (which Thomas should know well ;)), had a problem with his test mail until I went in and mucked with the configuration. Why go out of our way to make regular clearsigned messages more confusing and much more likely to Just Not Work for fiddling reasons that are going to be different on every single mailer? Getting fancy here feels good and we can produce all sorts of interesting documents that most MUA writers will ignore, and argue about little details until we are blue in the face, but it does not fix the actual problem we're having in the real world. Thomas' original suggestion to use UTF8 encoding along with text/plain works very nicely on several levels. First, it works without forcing the MUA author to do anything. Second, in most cases even if MUA "A" does it slightly wrong (say, not doing the UTF8), MUA "B" can still handle it. It's simple. It works. Where is the problem? David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0OGoBK16674 for ietf-openpgp-bks; Fri, 24 Jan 2003 08:50:11 -0800 (PST) Received: from smtp1.kodak.com (smtp1.kodak.com [192.232.121.200]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0OGo5o16666 for ; Fri, 24 Jan 2003 08:50:05 -0800 (PST) Received: from knotes.kodak.com (knotes2.ko.kodak.com [150.221.122.53]) by smtp1.kodak.com (8.11.3/8.11.1) with ESMTP id h0OGo6a00467 for ; Fri, 24 Jan 2003 11:50:06 -0500 (EST) To: ietf-openpgp@imc.org Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? X-Mailer: Lotus Notes Release 5.0.5 September 22, 2000 Message-ID: From: john.dlugosz@kodak.com Date: Fri, 24 Jan 2003 10:50:02 -0600 X-MIMETrack: Serialize by Router on KNOTES2/ISBP/EKC(Release 5.0.11 |July 24, 2002) at 01/24/2003 11:50:06 AM MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=_mixed 005C76C286256CB8_=" Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: --=_mixed 005C76C286256CB8_= Content-Type: multipart/alternative; boundary="=_alternative 005C76C286256CB8_=" --=_alternative 005C76C286256CB8_= Content-Type: text/plain; charset="us-ascii" FWIW, Lotus Notes displayed this message with an attachment for the signature. I have no idea how to verify it. I suppose I would have to paste the content and the signature into a text file, mark up the -----BEGIN PGP etc. delimiter lines, and then try? --John "Adrian 'Dagurashibanipal' von Bidder" Sent by: owner-ietf-openpgp@mail.imc.org 01/24/03 02:31 AM To: ietf-openpgp@imc.org cc: Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? On Don, 2003-01-23 at 22:35, David Shaw wrote: > I think in general that creating a new subtype of text to solve this > problem is a non-starter. Part of the original problem was that not > enough mailers supported PGP/MIME (or indeed, MIME in general) > sufficiently well. I suspect that using a new subtype will eventually > end up as "PGP/MIME lite" and will similarly not be supported. Additionally, specifying inline PGP could make Software vendors even more reluctant to support PGP/MIME properly. Why not make it absolutely clear that PGP/MIME is the only form of PGP in email mailers are supposed to use. inline pgp won't get worse as it is - but manpower should be directed into making PGP/MIME work, not into fixing inline pgp, imho. cheers -- vbi -- featured link: http://fortytwo.ch/gpg/subkeys --=_alternative 005C76C286256CB8_= Content-Type: text/html; charset="us-ascii"
FWIW, Lotus Notes displayed this message with an attachment for the signature.
I have no idea how to verify it.  I suppose I would have to paste the content and the signature into a text file, mark up the -----BEGIN PGP etc. delimiter lines, and then try?  

--John



"Adrian 'Dagurashibanipal' von Bidder" <avbidder@fortytwo.ch>
Sent by: owner-ietf-openpgp@mail.imc.org

01/24/03 02:31 AM

       
        To:        ietf-openpgp@imc.org
        cc:        
        Subject:        Re: let's look...  Re: Standardizing inline PGP for e-mail?



On Don, 2003-01-23 at 22:35, David Shaw wrote:
> I think in general that creating a new subtype of text to solve this
> problem is a non-starter.  Part of the original problem was that not
> enough mailers supported PGP/MIME (or indeed, MIME in general)
> sufficiently well.  I suspect that using a new subtype will eventually
> end up as "PGP/MIME lite" and will similarly not be supported.
Additionally, specifying inline PGP could make Software vendors even
more reluctant to support PGP/MIME properly. Why not make it absolutely
clear that PGP/MIME is the only form of PGP in email mailers are
supposed to use.
inline pgp won't get worse as it is - but manpower should be directed
into making PGP/MIME work, not into fixing inline pgp, imho.
cheers
-- vbi
--
featured link: http://fortytwo.ch/gpg/subkeys

--=_alternative 005C76C286256CB8_=-- --=_mixed 005C76C286256CB8_= Content-Type: application/octet-stream; name="signature.asc" Content-Disposition: attachment; filename="signature.asc" Content-Transfer-Encoding: base64 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0NClZlcnNpb246IEdudVBHIHYxLjIuMSAoR05V L0xpbnV4KQ0KQ29tbWVudDogZ2V0IG15IGtleSBmcm9tIGh0dHA6Ly9mb3J0eXR3by5jaC9ncGcv OTIwODI0ODENCg0KaUhNRUFCRUNBRE1GQWo0dytjMHNHbWgwZEhBNkx5OW1iM0owZVhSM2J5NWph QzlzWldkaGJDOW5jR2N2WlcxaA0KYVd3dU1qQXdNakE0TWpJQUNna1FpNlF4aStXbjk5WUs1QUNm YzA2Znd0eG9xcElJcWVjaytxNXVIRXl2S2xjQQ0Kb0o0RTVvRFFBVjhibENkL0Rrakw0SFhjaEZj Sg0KPWN5NVkNCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0KU2lnbmF0dXJlIHBvbGljeTog aHR0cDovL2ZvcnR5dHdvLmNoL2xlZ2FsL2dwZy9lbWFpbC4yMDAyMDgyMg0K --=_mixed 005C76C286256CB8_=-- Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0OGTCk15902 for ietf-openpgp-bks; Fri, 24 Jan 2003 08:29:12 -0800 (PST) Received: from smtp1.kodak.com (smtp1.kodak.com [192.232.121.200]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0OGTAo15895 for ; Fri, 24 Jan 2003 08:29:10 -0800 (PST) Received: from knotes.kodak.com (knotes2.ko.kodak.com [150.221.122.53]) by smtp1.kodak.com (8.11.3/8.11.1) with ESMTP id h0OGTBa23293 for ; Fri, 24 Jan 2003 11:29:11 -0500 (EST) To: ietf-openpgp@imc.org Subject: Re: Standardizing inline PGP for e-mail? X-Mailer: Lotus Notes Release 5.0.5 September 22, 2000 Message-ID: From: john.dlugosz@kodak.com Date: Fri, 24 Jan 2003 10:29:01 -0600 X-MIMETrack: Serialize by Router on KNOTES2/ISBP/EKC(Release 5.0.11 |July 24, 2002) at 01/24/2003 11:29:11 AM, Serialize complete at 01/24/2003 11:29:11 AM MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="=_alternative 005A8C5D86256CB8_=" Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: This is a multipart message in MIME format. --=_alternative 005A8C5D86256CB8_= Content-Type: text/plain; charset="us-ascii" I use inline PGP messages in applications like Lotus Notes and web-based email that have no concept of PGP or MIME. I can paste a coded ASCII Armored block into such a program and call it "text", and get my message through (privately). The very fact that I'm using inline PGP implies that I can't do anything about the mail message headers! --=_alternative 005A8C5D86256CB8_= Content-Type: text/html; charset="us-ascii"
I use inline PGP messages in applications like Lotus Notes and web-based email that have no concept of PGP or MIME.  I can paste a coded ASCII Armored block into such a program and call it "text", and get my message through (privately).  The very fact that I'm using inline PGP implies that I can't do anything about the mail message headers! --=_alternative 005A8C5D86256CB8_=-- Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0OG9kQ14260 for ietf-openpgp-bks; Fri, 24 Jan 2003 08:09:46 -0800 (PST) Received: from xfw.transarc.ibm.com (xfw.transarc.ibm.com [192.54.226.51]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0OG9io14255 for ; Fri, 24 Jan 2003 08:09:44 -0800 (PST) Received: from mailhost.transarc.ibm.com (mailhost.transarc.ibm.com [9.38.192.124]) by xfw.transarc.ibm.com (AIX4.3/UCB 8.7/8.7) with ESMTP id KAA58790 for ; Fri, 24 Jan 2003 10:54:20 -0500 (EST) Received: from mwyoung (dhcp-193-40.transarc.ibm.com [9.38.193.240]) by mailhost.transarc.ibm.com (8.8.0/8.8.0) with SMTP id LAA13205 for ; Fri, 24 Jan 2003 11:09:34 -0500 (EST) Message-ID: <002601c2c3c2$d3e57fe0$f0c12609@transarc.ibm.com> From: "Michael Young" To: References: <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <01KRJCWNQOIK002DEU@mauve.mrochek.com> <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <20030122223754.GC26081@coruscant.does-not-exist.org> <20030122235431.GA28453@coruscant.does-not-exist.org> <20030123213537.GA13061@jabberwocky.com> <1043397070.855.25.camel@altfrangg.fortytwo.ch> Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? Date: Fri, 24 Jan 2003 11:08:25 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David Shaw wrote: > I think in general that creating a new subtype of text to solve this > problem is a non-starter. Part of the original problem was that not > enough mailers supported PGP/MIME (or indeed, MIME in general) > sufficiently well. I suspect that using a new subtype will eventually > end up as "PGP/MIME lite" and will similarly not be supported. The point is that the "lite" form is displayed reasonably even in agents that don't "support" it. They show it as text. When confronted with multipart/signed, some agents display the pieces as attachments or not at all; this makes reading the text painful, and verifying the signature manually even more so. For agents that do support PGP/MIME, yes, this is another thing that they might want to understand. If one doesn't, then it may appear to have taken a step backward *when confronted with one of these "lite" messages*. A small step, in my opinion. Once again, Thomas should correct me if I'm wrong, but I don't think this is intended as a replacement, or even as a default. It's an *option* for senders that know that they are sending to receivers that can't (or don't want to) handle PGP/MIME. It would just be nice if all the agents that offered such an option did it the same way; that lets smart receivers still get some of the benefit. Adrian 'Dagurashibanipal' von Bidder wrote: > Additionally, specifying inline PGP could make Software vendors even > more reluctant to support PGP/MIME properly. Why not make it absolutely > clear that PGP/MIME is the only form of PGP in email mailers are > supposed to use. While it's possible that some vendor will choose to implement only the "lite" form on the receiving side, I think it's far more likely that they will implement neither, official PGP/MIME, or both. The most likely implementors are people who've already built PGP/MIME support. If I believed Adrian's premise, then I might believe in enforcing "the full standard or nothing at all", but I don't. I might enforce it if legacy agents weren't caused such grief. But they are, and I find it hard to stand on principle in the face of obvious pain. -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQA/AwUBPjFk8ec3iHYL8FknEQLpxwCePF4NDpFqTgBhZfTqPvQdLyRz7r8AoLlE hMY7CGqTOaBsL+jN6quXsr+O =4VwY -----END PGP SIGNATURE----- Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0OFKJB09409 for ietf-openpgp-bks; Fri, 24 Jan 2003 07:20:19 -0800 (PST) Received: from express (express.wiktel.com [204.221.145.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0OFKHo09403 for ; Fri, 24 Jan 2003 07:20:17 -0800 (PST) Received: from NB1131 (unverified [146.57.166.48]) by wiktel.com (Rockliffe SMTPRA 5.2.5) with ESMTP id ; Fri, 24 Jan 2003 09:20:09 -0500 From: "Richard Laager" To: "'Dominikus Scherkl'" Cc: Subject: RE: let's look... Re: Standardizing inline PGP for e-mail? Date: Fri, 24 Jan 2003 09:20:04 -0600 Organization: Wikstrom Telecom Internet Message-ID: <000801c2c3bc$13707400$30a63992@umcrookston.edu> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 In-Reply-To: <2F89C141B5B67645BB56C0385375788248199B@guk1d002.glueckkanja.org> Importance: Normal Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dominikus Scherkl wrote: > > Simon Josefsson wrote: > > > > Things don't look well for Outlook. It displays the message > > > > as a text attachment. > > > > > > Maybe it needs a Content-Disposition: inline. Does this > > > message render better? > > > > Nope. It still shows as a text attachment. > > ?!? > What Outlook version (or configuration?!?) do you use? Outlook XP, a.k.a. Outlook 2002 (10.3513.3501) SP-1 > With mine it works fine (and our Plug-In Crypto-Ex has no > problem to verify the signature). Richard Laager -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBPjFZh231OrleHxvOEQIDJgCeNceHv/5UgDSgzPOxjRu6QboTWGMAni8P G7ZabwQNLdV6qcxwtlqfhvk8 =qm6h -----END PGP SIGNATURE----- Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0OAUb419202 for ietf-openpgp-bks; Fri, 24 Jan 2003 02:30:37 -0800 (PST) Received: from mail.glueckkanja.com (mail.glueckkanja.com [62.8.243.3]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0OAUZo19187 for ; Fri, 24 Jan 2003 02:30:36 -0800 (PST) Subject: RE: let's look... Re: Standardizing inline PGP for e-mail? MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Fri, 24 Jan 2003 11:30:27 +0100 Content-Class: urn:content-classes:message X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 Message-ID: <2F89C141B5B67645BB56C0385375788248199B@guk1d002.glueckkanja.org> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: let's look... Re: Standardizing inline PGP for e-mail? thread-index: AcLDImxlWJ4BSSx4RCiRTJ80jaQMIgAcHN/A From: "Dominikus Scherkl" To: "Richard Laager" Cc: Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id h0OAUbo19199 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: > Simon Josefsson wrote: > > > Things don't look well for Outlook. It displays the message as a > > > text attachment. > > > > Maybe it needs a Content-Disposition: inline. Does this message > > render better? > > Nope. It still shows as a text attachment. ?!? What Outlook version (or configuration?!?) do you use? With mine it works fine (and our Plug-In Crypto-Ex has no problem to verify the signature). Best regards. -- Dominikus Scherkl dominikus.scherkl@glueckkanja.com Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0O8VQb29649 for ietf-openpgp-bks; Fri, 24 Jan 2003 00:31:26 -0800 (PST) Received: from gluggsi.fortytwo.ch (zux006-042-224.adsl.green.ch [81.6.42.224]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0O8VOo29642 for ; Fri, 24 Jan 2003 00:31:24 -0800 (PST) Received: from altfrangg.fortytwo.ch (altfrangg.fortytwo.ch [192.168.1.17]) by gluggsi.fortytwo.ch (Postfix) with ESMTP id 91CEA79E0 for ; Fri, 24 Jan 2003 09:31:11 +0100 (CET) Received: by altfrangg.fortytwo.ch (Postfix, from userid 1000) id 9463B8B9D6; Fri, 24 Jan 2003 09:31:10 +0100 (CET) Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? From: "Adrian 'Dagurashibanipal' von Bidder" To: ietf-openpgp@imc.org In-Reply-To: <20030123213537.GA13061@jabberwocky.com> References: <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <01KRJCWNQOIK002DEU@mauve.mrochek.com> <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <20030122223754.GC26081@coruscant.does-not-exist.org> <20030122235431.GA28453@coruscant.does-not-exist.org> <20030123213537.GA13061@jabberwocky.com> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-bS/CV2WSjjwyHUwGyZM0" Organization: Message-Id: <1043397070.855.25.camel@altfrangg.fortytwo.ch> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.2.1 Date: 24 Jan 2003 09:31:10 +0100 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: --=-bS/CV2WSjjwyHUwGyZM0 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Don, 2003-01-23 at 22:35, David Shaw wrote: > I think in general that creating a new subtype of text to solve this > problem is a non-starter. Part of the original problem was that not > enough mailers supported PGP/MIME (or indeed, MIME in general) > sufficiently well. I suspect that using a new subtype will eventually > end up as "PGP/MIME lite" and will similarly not be supported. Additionally, specifying inline PGP could make Software vendors even more reluctant to support PGP/MIME properly. Why not make it absolutely clear that PGP/MIME is the only form of PGP in email mailers are supposed to use. inline pgp won't get worse as it is - but manpower should be directed into making PGP/MIME work, not into fixing inline pgp, imho. cheers -- vbi --=20 featured link: http://fortytwo.ch/gpg/subkeys --=-bS/CV2WSjjwyHUwGyZM0 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: get my key from http://fortytwo.ch/gpg/92082481 iHMEABECADMFAj4w+c0sGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h aWwuMjAwMjA4MjIACgkQi6Qxi+Wn99YK5ACfc06fwtxoqpIIqeck+q5uHEyvKlcA oJ4E5oDQAV8blCd/DkjL4HXchFcJ =cy5Y -----END PGP SIGNATURE----- Signature policy: http://fortytwo.ch/legal/gpg/email.20020822 --=-bS/CV2WSjjwyHUwGyZM0-- Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0NLZfG10590 for ietf-openpgp-bks; Thu, 23 Jan 2003 13:35:41 -0800 (PST) Received: from claude.jabberwocky.com (walrus.ne.client2.attbi.com [24.60.130.129]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0NLZdo10586 for ; Thu, 23 Jan 2003 13:35:40 -0800 (PST) Received: (from dshaw@localhost) by claude.jabberwocky.com (8.11.6/8.11.6) id h0NLZbk13169 for ietf-openpgp@imc.org; Thu, 23 Jan 2003 16:35:37 -0500 Date: Thu, 23 Jan 2003 16:35:37 -0500 From: David Shaw To: ietf-openpgp@imc.org Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? Message-ID: <20030123213537.GA13061@jabberwocky.com> Mail-Followup-To: ietf-openpgp@imc.org References: <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <01KRJCWNQOIK002DEU@mauve.mrochek.com> <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <20030122223754.GC26081@coruscant.does-not-exist.org> <20030122235431.GA28453@coruscant.does-not-exist.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030122235431.GA28453@coruscant.does-not-exist.org> X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560 X-URL: http://www.jabberwocky.com/ X-Phase-Of-Moon: The Moon is Waning Gibbous (67% of Full) User-Agent: Mutt/1.5.2i Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: I think in general that creating a new subtype of text to solve this problem is a non-starter. Part of the original problem was that not enough mailers supported PGP/MIME (or indeed, MIME in general) sufficiently well. I suspect that using a new subtype will eventually end up as "PGP/MIME lite" and will similarly not be supported. Anything that causes the equivalent of "cat message | gpg --clearsign | mail user@example.com" to no longer work well is not going to work out in the real world. I like the original suggestion far better (with or without the x-action: tag) as it does not preclude the above pipeline. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0NKkNC07820 for ietf-openpgp-bks; Thu, 23 Jan 2003 12:46:23 -0800 (PST) Received: from mail3.wiktel.com (mail3.wiktel.com [204.221.145.9]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0NKkLo07815 for ; Thu, 23 Jan 2003 12:46:21 -0800 (PST) Received: from NB1131 (unverified [146.57.166.48]) by wiktel.com (Rockliffe SMTPRA 5.2.5) with ESMTP id ; Thu, 23 Jan 2003 13:40:19 -0500 From: "Richard Laager" To: "'Simon Josefsson'" Cc: Subject: RE: let's look... Re: Standardizing inline PGP for e-mail? Date: Thu, 23 Jan 2003 13:40:11 -0600 Organization: Wikstrom Telecom Internet Message-ID: <000a01c2c317$3f0b3b40$30a63992@umcrookston.edu> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Simon Josefsson wrote: > > Things don't look well for Outlook. It displays the message as a > > text attachment. > > Maybe it needs a Content-Disposition: inline. Does this message > render better? Nope. It still shows as a text attachment. Richard Laager -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBPjBENW31OrleHxvOEQKmWACeK4IZ1rQhNqyD2v9JiUMT0L8i++wAnRqQ gLXORHDWe+P06DJyPeVHQLeo =uPpt -----END PGP SIGNATURE----- Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0NEhk411475 for ietf-openpgp-bks; Thu, 23 Jan 2003 06:43:46 -0800 (PST) Received: from smtp3.hushmail.com (smtp3.hushmail.com [65.39.178.33]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0NEhjo11471 for ; Thu, 23 Jan 2003 06:43:45 -0800 (PST) Received: from mailserver3.hushmail.com (mailserver3.hushmail.com [65.39.178.45]) by smtp3.hushmail.com (Postfix) with ESMTP id 073FC5C91 for ; Thu, 23 Jan 2003 06:43:40 -0800 (PST) Received: from mailserver3.hushmail.com (localhost [127.0.0.1]) by mailserver3.hushmail.com (8.12.6/8.12.3) with ESMTP id h0NEhdH2091217 for ; Thu, 23 Jan 2003 06:43:39 -0800 (PST) (envelope-from vedaal@hush.com) Received: (from nobody@localhost) by mailserver3.hushmail.com (8.12.6/8.12.3/Submit) id h0NEhdpW091216 for ietf-openpgp@imc.org; Thu, 23 Jan 2003 06:43:39 -0800 (PST) Message-Id: <200301231443.h0NEhdpW091216@mailserver3.hushmail.com> Date: Thu, 23 Jan 2003 06:43:38 -0800 To: ietf-openpgp@imc.org Cc: Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? From: vedaal@hush.com Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: -----BEGIN PGP SIGNED MESSAGE----- On Wed, 22 Jan 2003 16:05:56 -0800 Michael Young wrote: >Excellent idea... > >Your message displays fine in Outlook Express. (Yes, I know it's >a noxious agent.) The signature verified fine using PGP6.5's "current >window" support. > >I'll try other agents when I can. fwiw, no clearsigned messages verify in hushmail, they do not even display the pgp headers, footers and signatures unless the 'show actual message' display is checked, and even then, while it does display everything, it verifies as 'bad' also, btw, the huhmail pgp armor has 66 characters per line as opposed to the standard pgp 64 am signing this from hushmail, from the 'current window' vedaal -----BEGIN PGP SIGNATURE----- Version: 6.5.8ckt http://www.ipgpp.com/ Comment: { Acts of Kindness better the World, and protect the Soul } Comment: KeyID: 0x6A05A0B785306D25 Comment: Fingerprint: 96A6 5F71 1C43 8423 D9AE 02FD A711 97BA iQEVAwUBPi/+jWoFoLeFMG0lAQFaMAgAgKmUMtl/e/SzcZwbmAPbngaRgop7qGK2 AznS6isV7Ft7116g9np6B9NfKM6JgUJ1zSt2Vq9F223GjqHM/ifU8TIbWNlCXdjI TcgzOmQ8i5B2pLTCH48Lf7DxSoBipuHubOgMqexK9cgXwHeI6Telidfofp9fLf8w 55BNKpnGSKaYNhqrW+g+mfzgSo6w2/h06S8O5PE8GCHlelqvkHTjYysYHDMM5pDn NQ2XI2RdAPOqkHvTJzF6IegOGSZvB3Gp6/BFTblInjzM7TXyKMNQZQfXZ0b6IA6f mHkg2hzao/EHiLuepH9O/W6TId4hSq2ODtj3wBP0PD+Ln7Svw40nPw== =HFws -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0NDfeM07729 for ietf-openpgp-bks; Thu, 23 Jan 2003 05:41:40 -0800 (PST) Received: from yxa.extundo.com (178.230.13.217.in-addr.dgcsystems.net [217.13.230.178]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0NDfco07723 for ; Thu, 23 Jan 2003 05:41:38 -0800 (PST) Received: from latte.josefsson.org (yxa.extundo.com [217.13.230.178]) (authenticated bits=0) by yxa.extundo.com (8.12.6/8.12.6) with ESMTP id h0NDfaRr026410 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Thu, 23 Jan 2003 14:41:37 +0100 To: ned.freed@mrochek.com Cc: Thomas Roessler , ietf-openpgp@imc.org Subject: Re: Standardizing inline PGP for e-mail? X-Payment: hashcash 1.1 0:030123:ned.freed@mrochek.com:8a5ce5ef377933a3 X-Hashcash: 0:030123:ned.freed@mrochek.com:8a5ce5ef377933a3 X-Payment: hashcash 1.1 0:030123:roessler@does-not-exist.org:99cf01619fa8d8a8 X-Hashcash: 0:030123:roessler@does-not-exist.org:99cf01619fa8d8a8 X-Payment: hashcash 1.1 0:030123:ietf-openpgp@imc.org:acf1fd8a677f9fde X-Hashcash: 0:030123:ietf-openpgp@imc.org:acf1fd8a677f9fde From: Simon Josefsson Date: Thu, 23 Jan 2003 14:41:36 +0100 In-Reply-To: <01KRJ4SVE10G00AE20@mauve.mrochek.com> (ned.freed@mrochek.com's message of "Wed, 22 Jan 2003 09:31:56 -0800 (PST)") Message-ID: User-Agent: Gnus/5.090014 (Oort Gnus v0.14) Emacs/21.3.50 (i686-pc-linux-gnu) References: <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> X-Face: 1Yn@M+tp9bHO[8c_KMq4EAehxF;z,'j|yrivOiG+mxk$hnZac61A{@h6 List-Unsubscribe: List-ID: ned.freed@mrochek.com writes: >> It seems like inline PGP messages just can't be eradicated, despite >> all the PGP/MIME we have. I'm wondering if it would be reasonable >> to produce an RFC on (1) how to tag this on the MIME level, and (2) >> how to avoid character set problems. > >> Here's the simple proposal (in rough words), as currently >> implemented in the Mutt mail user agent. > >> 1. Inline PGP messages use text/plain as their MIME type. Inline >> PGP material is announced in an additional MIME parameter (we call >> it x-action right now), which can take the values "pgp-encrypt", >> "pgp-sign". > > Such usage clearly violates RFC 2046 section 4.1.3, which states > that text/plain is intended for material that isn't formatted in any way: > > Plain text is intended to be displayed "as-is", that is, no interpretation of > embedded formatting commands, font attribute specifications, processing > instructions, interpretation directives, or content markup should be necessary > for proper display > > It also violates the intended use of media type parameters, which are supposed > to qualify the format being used rather than identifying it. Format > identification is supposed to be done by the media type. FWIW, there is a standards track precedence for Thomas' approach; the RFC 2646 format=flowed parameter that modifies how text/plain is rendered. Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0NDaqa07512 for ietf-openpgp-bks; Thu, 23 Jan 2003 05:36:52 -0800 (PST) Received: from yxa.extundo.com (178.230.13.217.in-addr.dgcsystems.net [217.13.230.178]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0NDano07507 for ; Thu, 23 Jan 2003 05:36:50 -0800 (PST) Received: from latte.josefsson.org (yxa.extundo.com [217.13.230.178]) (authenticated bits=0) by yxa.extundo.com (8.12.6/8.12.6) with ESMTP id h0NDaeRr026336 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Thu, 23 Jan 2003 14:36:41 +0100 To: "Richard Laager" Cc: "'Thomas Roessler'" , Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? X-Payment: hashcash 1.1 0:030123:rlaager@wiktel.com:5a2e5eaabf1d9b03 X-Hashcash: 0:030123:rlaager@wiktel.com:5a2e5eaabf1d9b03 X-Payment: hashcash 1.1 0:030123:roessler@does-not-exist.org:6b675fe3d03df70c X-Hashcash: 0:030123:roessler@does-not-exist.org:6b675fe3d03df70c X-Payment: hashcash 1.1 0:030123:ietf-openpgp@imc.org:1f21785e28a499bf X-Hashcash: 0:030123:ietf-openpgp@imc.org:1f21785e28a499bf From: Simon Josefsson Date: Thu, 23 Jan 2003 14:36:40 +0100 In-Reply-To: <000001c2c285$723d15c0$30a63992@umcrookston.edu> ("Richard Laager"'s message of "Wed, 22 Jan 2003 20:16:30 -0600") Message-ID: User-Agent: Gnus/5.090014 (Oort Gnus v0.14) Emacs/21.3.50 (i686-pc-linux-gnu) References: <000001c2c285$723d15c0$30a63992@umcrookston.edu> X-Face: FmU60_S;07.b/mq$mN4i[hYDH,9?'f\&F~>ROKqqN6'k$rh#oKV}|(Ol8$)L4`#XB"b|Tnu J"{VKSYBqieg/2&a.0pI2[7A\9*s+=%Zq\^> List-Unsubscribe: List-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "Richard Laager" writes: > >> -----Original Message----- >> From: owner-ietf-openpgp@mail.imc.org >> [mailto:owner-ietf-openpgp@mail.imc.org] On Behalf Of Thomas >> Roessler Sent: Wednesday, January 22, 2003 5:55 PM >> To: Michael Young; ned.freed@mrochek.com; ietf-openpgp@imc.org >> Subject: let's look... Re: Standardizing inline PGP for e-mail? > > Things don't look well for Outlook. It displays the message as a text > attachment. Maybe it needs a Content-Disposition: inline. Does this message render better? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.2-cvs (GNU/Linux) iQC1AwUBPi/v3e2iHpS1ZXFvAQJbtwT/XBNG5ltvFbtllkPJp2ejIto5rMKCf00j ztmymvGuGPIT9FgMuIdxX1iQ/Tu3+iOHSsPqwcJIV30w6sy1HUzXzBic3/ApnAir t5ZvSOLpmK7t7PxxUFEdmijkRy4yG7LBDOw4X92e74FxBYE8aSFQugM6jFyovxdn dAVf56//5hucWYCTqGTADFSTcUvT+X6+BanPWIPb1ik78LLGwnbDKA== =HxpE -----END PGP SIGNATURE----- Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0N8iU607015 for ietf-openpgp-bks; Thu, 23 Jan 2003 00:44:30 -0800 (PST) Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0N8iTo07005 for ; Thu, 23 Jan 2003 00:44:29 -0800 (PST) Received: from [63.73.97.183] (63.73.97.165) by merrymeet.com with ESMTP (Eudora Internet Mail Server 3.1.4); Thu, 23 Jan 2003 00:44:26 -0800 User-Agent: Microsoft-Entourage/10.1.1.2418 Date: Thu, 23 Jan 2003 00:44:26 -0800 Subject: Re: Standardizing inline PGP for e-mail? From: Jon Callas To: Thomas Roessler , OpenPGP Message-ID: In-Reply-To: <20030122152135.GA17189@coruscant.does-not-exist.org> Mime-version: 1.0 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'll summarize an opinion I've stated before. The list of MUAs that handle OpenPGP/MIME correctly is very small. The list of MUAs that handle plain old clear-signed messages is very large. The work that needs to be done is in user software, not in RFCs. Jon -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBPi+rW7E3nVmTg94GEQINSACgtTMtOAnnpMfheihcso4sDRKmzpUAn3h6 8sZ0dS2buZlN3P20sHduy7rc =DYak -----END PGP SIGNATURE----- Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0N7Yng23828 for ietf-openpgp-bks; Wed, 22 Jan 2003 23:34:49 -0800 (PST) Received: from mgo.iij.ad.jp (root@mgo.iij.ad.jp [202.232.15.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0N7Ymo23823 for ; Wed, 22 Jan 2003 23:34:48 -0800 (PST) Received: from ns.iij.ad.jp ([192.168.2.111]) by mgo.iij.ad.jp (8.8.8/MGO1.0) with ESMTP id QAA15681 for ; Thu, 23 Jan 2003 16:34:38 +0900 (JST) Received: from fs.iij.ad.jp (root@fs.iij.ad.jp [192.168.2.9]) by ns.iij.ad.jp (8.8.5/3.5Wpl7) with ESMTP id QAA19001 for ; Thu, 23 Jan 2003 16:34:37 +0900 (JST) Received: from localhost (mine.iij.ad.jp [192.168.4.209]) by fs.iij.ad.jp (8.8.5/3.5Wpl7) with ESMTP id QAA09990 for ; Thu, 23 Jan 2003 16:34:37 +0900 (JST) Date: Thu, 23 Jan 2003 16:32:51 +0900 (JST) Message-Id: <20030123.163251.125127036.kazu@iijlab.net> To: ietf-openpgp@imc.org Subject: Re: Standardizing inline PGP for e-mail? From: Kazu Yamamoto (=?iso-2022-jp?B?GyRCOzNLXE9CSScbKEI=?=) In-Reply-To: References: <20030122152135.GA17189@coruscant.does-not-exist.org> X-Mailer: Mew version 3.1.52 on Emacs 21.3 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: From: Greg Troxel Subject: Re: Standardizing inline PGP for e-mail? > Given Ned's comments, how about "text/openpgp"? I will support the text/openpgp (only for PGP clear signature, see below) if proposed. Note that the text/pgp approach was proposed several times (once during standardizing RFC 2015, and several times after RFC 2015) to maintain backward compatibility to both non-MIME-aware and MIME-aware-but-non-PGP/MIME-aware user agents. My concern is that these proposals were always rejected by IETF without reasons which make sense to me. > This would specify the type of the content in the type, and whether > the contents are a key block, encrypted message, signed message, or > clearsigned message is already in the contents. Please use subtypes of "application" for signed message and encrypted message. We need to carefully consider character set issues for them. Just saying "use UTF-8" does not solve situation at least in Japan. Conversion from a traditional CJK character set to UTF-8 is quite tough. For PGP clear signature, we are free from this kind of character set issues because the "charset" parameter tells. See the followin example: Content-Type: text/openpgp; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Quoted-Printable(PGP clear signature in ISO-8859-1) --Kazu Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0N6U7315145 for ietf-openpgp-bks; Wed, 22 Jan 2003 22:30:07 -0800 (PST) Received: from tkrat.org (tkrat.math.chalmers.se [129.16.168.189]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0N6U5o15141 for ; Wed, 22 Jan 2003 22:30:06 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by tkrat.org (Postfix) with ESMTP id 640002FC8; Thu, 23 Jan 2003 07:30:06 +0100 (MET) Date: Thu, 23 Jan 2003 06:55:06 +0100 (CET) From: maf@tkrat.org Reply-To: maf@tkrat.org Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? To: roessler@does-not-exist.org Cc: ietf-openpgp@imc.org MIME-Version: 1.0 Content-Type: TEXT/PLAIN; CHARSET=us-ascii Content-Disposition: INLINE Message-Id: <20030123063006.640002FC8@tkrat.org> Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: On 23 Jan, Thomas Roessler wrote: > This message contains inline PGP material tagged as text/x-pgp. I'd > be curious to learn what kind of behaviour this causes. In > particular, are those whose user agents aren't prepared to handle > PGP by default able to display the "raw" clearsigned material > without problems? TkRat, just shows a blob stating that here is an object of type text/x-pgp and some buttons with different actions. One of the actions is "View as plain text" and selecting that shows the message content. It also recognizes that it is an embedded pgp message and thus gives the option to check the signature. /MaF PS I am the author of TkRat so obviously I am biased:-) Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0N2GQ007836 for ietf-openpgp-bks; Wed, 22 Jan 2003 18:16:26 -0800 (PST) Received: from mail1.wiktel.com (mail1.wiktel.com [204.221.145.7]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0N2GOo07832 for ; Wed, 22 Jan 2003 18:16:24 -0800 (PST) Received: from NB1131 (unverified [146.57.166.48]) by wiktel.com (Rockliffe SMTPRA 5.2.5) with ESMTP id ; Wed, 22 Jan 2003 20:16:10 -0600 From: "Richard Laager" To: "'Thomas Roessler'" Cc: Subject: RE: let's look... Re: Standardizing inline PGP for e-mail? Date: Wed, 22 Jan 2003 20:16:30 -0600 Organization: Wikstrom Telecom Internet Message-ID: <000001c2c285$723d15c0$30a63992@umcrookston.edu> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 In-Reply-To: <20030122235431.GA28453@coruscant.does-not-exist.org> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > -----Original Message----- > From: owner-ietf-openpgp@mail.imc.org > [mailto:owner-ietf-openpgp@mail.imc.org] On Behalf Of Thomas > Roessler Sent: Wednesday, January 22, 2003 5:55 PM > To: Michael Young; ned.freed@mrochek.com; ietf-openpgp@imc.org > Subject: let's look... Re: Standardizing inline PGP for e-mail? Things don't look well for Outlook. It displays the message as a text attachment. Richard Laager -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBPi9QfW31OrleHxvOEQIsgQCg4ScEq6vJvqeAPwgzRr1sr5H45z8Anjzs 8/5RNTXz+WfHo1diHrSEQgZG =Fv7q -----END PGP SIGNATURE----- Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0N0ROd04690 for ietf-openpgp-bks; Wed, 22 Jan 2003 16:27:24 -0800 (PST) Received: from conure.mail.pas.earthlink.net (conure.mail.pas.earthlink.net [207.217.120.54]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0N0RNo04685 for ; Wed, 22 Jan 2003 16:27:23 -0800 (PST) Received: from h-69-3-25-159.snvacaid.covad.net ([69.3.25.159] helo=[192.168.1.5]) by conure.mail.pas.earthlink.net with esmtp (Exim 3.33 #1) id 18bVDJ-0002Ye-00 for ietf-openpgp@imc.org; Wed, 22 Jan 2003 16:27:25 -0800 X-Sender: frantz%pwpconsult.com@pop.business.earthlink.net Message-Id: In-Reply-To: <20030122235431.GA28453@coruscant.does-not-exist.org> References: <20030122223754.GC26081@coruscant.does-not-exist.org> <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <01KRJCWNQOIK002DEU@mauve.mrochek.com> <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <20030122223754.GC26081@coruscant.does-not-exist.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Wed, 22 Jan 2003 16:27:26 -0800 To: ietf-openpgp@imc.org From: Bill Frantz Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: At 3:54 PM -0800 1/22/03, Thomas Roessler wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >On 2003-01-22 23:37:54 +0100, Thomas Roessler wrote: > >> On 2003-01-22 13:29:07 -0800, ned.freed@mrochek.com wrote: > >> > I never suggested any such thing. What I suggest was a different >> > subtype of text. > >> Thanks for that suggestion. Will look into it. > >This message contains inline PGP material tagged as text/x-pgp. I'd >be curious to learn what kind of behaviour this causes. In >particular, are those whose user agents aren't prepared to handle >PGP by default able to display the "raw" clearsigned material >without problems? > >Thanks, and kind regards, >- -- >Thomas Roessler >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.2.1 (GNU/Linux) > >iQEVAwUBPi8vN9ImKUTOasbBAQL/iQgAvRAAcl/+s6dv9L3bo6LtJueHoZ3eR5KB >iUnq9lAky5KO2cKG+giS7R2MeSSt4/BvWezPWoCyoQjMoJvIWR3+e8sOB3OoFZhU >uJ+klrGP6LcXMeV0R1MOJ+pEEHVxEM8rHzcoEwaPkKCECC3WXg0c5R2PXNUO/723 >EnV9dgtDo7kxz6WOo8heXlEP/2lSa9ogbTRaBgs4cx+QBBVbAEmTvxmzu1Jbjfg+ >/WG/60lERXnnuJN3UE8nJcWMBJJKbacyijf4SaqX6PyknyGAr4FOIG7qguijIjpr >OpGHOdNbyadpST9Y7tqDVfH5ubKwTNRvKLjZr2zOT40ipAvWr9fT6A== >=CPvZ >-----END PGP SIGNATURE----- My Eudora 3.1 doesn't seem to have a problem with it. On the other hand, I don't see any MIME headers when I view the full message. Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | Sacred cows make the | Periwinkle -- Consulting (408)356-8506 | tastiest hamburgers. | 16345 Englewood Ave. frantz@pwpconsult.com | - David Wagner | Los Gatos, CA 95032, USA Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0N07N103914 for ietf-openpgp-bks; Wed, 22 Jan 2003 16:07:23 -0800 (PST) Received: from xfw.transarc.ibm.com (xfw.transarc.ibm.com [192.54.226.51]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0N07Mo03909 for ; Wed, 22 Jan 2003 16:07:22 -0800 (PST) Received: from mailhost.transarc.ibm.com (mailhost.transarc.ibm.com [9.38.192.124]) by xfw.transarc.ibm.com (AIX4.3/UCB 8.7/8.7) with ESMTP id SAA24624 for ; Wed, 22 Jan 2003 18:52:07 -0500 (EST) Received: from mwyoung (dhcp-193-40.transarc.ibm.com [9.38.193.240]) by mailhost.transarc.ibm.com (8.8.0/8.8.0) with SMTP id TAA03379 for ; Wed, 22 Jan 2003 19:07:19 -0500 (EST) Message-ID: <009b01c2c273$341ae2c0$f0c12609@transarc.ibm.com> From: "Michael Young" To: References: <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <01KRJCWNQOIK002DEU@mauve.mrochek.com> <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <20030122223754.GC26081@coruscant.does-not-exist.org> <20030122235431.GA28453@coruscant.does-not-exist.org> Subject: Re: let's look... Re: Standardizing inline PGP for e-mail? Date: Wed, 22 Jan 2003 19:05:56 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Excellent idea... Your message displays fine in Outlook Express. (Yes, I know it's a noxious agent.) The signature verified fine using PGP6.5's "current window" support. I'll try other agents when I can. -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQA/AwUBPi8xoOc3iHYL8FknEQJjGACdGcb79RZIFSv0zOws+p6+Tg4ry2AAoP5+ 5TezNgsGxb+LaoeGEdnA9kOS =DrFD -----END PGP SIGNATURE----- Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0N005L03699 for ietf-openpgp-bks; Wed, 22 Jan 2003 16:00:05 -0800 (PST) Received: from xfw.transarc.ibm.com (xfw.transarc.ibm.com [192.54.226.51]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0N004o03695 for ; Wed, 22 Jan 2003 16:00:04 -0800 (PST) Received: from mailhost.transarc.ibm.com (mailhost.transarc.ibm.com [9.38.192.124]) by xfw.transarc.ibm.com (AIX4.3/UCB 8.7/8.7) with ESMTP id SAA07870 for ; Wed, 22 Jan 2003 18:44:49 -0500 (EST) Received: from mwyoung (dhcp-193-40.transarc.ibm.com [9.38.193.240]) by mailhost.transarc.ibm.com (8.8.0/8.8.0) with SMTP id TAA03330 for ; Wed, 22 Jan 2003 19:00:02 -0500 (EST) Message-ID: <008c01c2c272$2f81ef20$f0c12609@transarc.ibm.com> From: "Michael Young" To: References: <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <01KRJCWNQOIK002DEU@mauve.mrochek.com> Subject: Re: Standardizing inline PGP for e-mail? Date: Wed, 22 Jan 2003 18:58:38 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ned.freed@mrochek.com writes: > This sure sounds like sophistry to me. It wasn't intended as such. The terms in the excerpt strongly suggested display-oriented formatting to me. It is certainly not necessary to display the PGP clearsigned text specially in order to express the appearance that the sender intended. > And as it happens I'm the one who wrote this text. I can assure you that the > intent was to ban the use of text/plain for formatted materials. Thanks. I apologize for my misinterpretation. I really shouldn't have commented on the MIME specification at all. It's not my specialty, as you have made clear. But more importantly, I don't think it's really the point. I don't think that Thomas is trying to claim that this is either ideal or strictly legal. He appears to be documenting an actual implementation of an extra-legal extension to solve a practical problem in the hopes that others would adopt the same solution. The problem involves both non-MIME agents and MIME agents that handle PGP/MIME badly, so it's no surprise that a purely MIME-compliant solution may not be possible. If I have misrepresented Thomas's intentions, perhaps he'll clarify. > I never suggested any such thing. What I suggest was a different > subtype of text. My apologies. Rereading your original note alone, that still isn't clear to me, but that's my fault. Perhaps others can comment on whether their user agents react to text/something-else better than proper PGP/MIME. Separately, "Greg Troxel" writes: > I suppose it all comes down to one's opinion on whether it is > reasonable to send PGP with a non-MIME-aware MUA. I think it's a more a matter of wanting to send PGP-encoded material to *receivers* that don't understand MIME or PGP/MIME, and wanting the best possible display given their limitations, all the while allowing PGP-aware agents to use the extra formatting. -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQA/AwUBPi8wKOc3iHYL8FknEQLs+wCfT4n45rZ2tpWr9j/u7eGx6kwPs9MAnAmD ntkApqtkfAMknBQLKh1R8YhN =YWGs -----END PGP SIGNATURE----- Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0MNuLO03597 for ietf-openpgp-bks; Wed, 22 Jan 2003 15:56:21 -0800 (PST) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.187]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0MNuJo03592 for ; Wed, 22 Jan 2003 15:56:19 -0800 (PST) Received: from [212.227.126.161] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 18bUjF-00065Y-00; Thu, 23 Jan 2003 00:56:21 +0100 Received: from [62.155.158.138] (helo=coruscant.does-not-exist.org) by mrelayng.kundenserver.de with asmtp (Exim 3.35 #1) id 18bUjE-0000Tq-00; Thu, 23 Jan 2003 00:56:21 +0100 Received: by coruscant.does-not-exist.org (Postfix, from userid 1000) id 9CA6F2ED24; Thu, 23 Jan 2003 00:54:31 +0100 (CET) Date: Thu, 23 Jan 2003 00:54:31 +0100 From: Thomas Roessler To: Michael Young , ned.freed@mrochek.com, ietf-openpgp@imc.org Subject: let's look... Re: Standardizing inline PGP for e-mail? Message-ID: <20030122235431.GA28453@coruscant.does-not-exist.org> Mail-Followup-To: Michael Young , ned.freed@mrochek.com, ietf-openpgp@imc.org References: <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <01KRJCWNQOIK002DEU@mauve.mrochek.com> <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <20030122223754.GC26081@coruscant.does-not-exist.org> Mime-Version: 1.0 Content-Type: text/x-pgp; charset=us-ascii; x-action=pgp-signed Content-Disposition: inline In-Reply-To: <20030122223754.GC26081@coruscant.does-not-exist.org> User-Agent: Mutt/1.5.3i Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2003-01-22 23:37:54 +0100, Thomas Roessler wrote: > On 2003-01-22 13:29:07 -0800, ned.freed@mrochek.com wrote: > > I never suggested any such thing. What I suggest was a different > > subtype of text. > Thanks for that suggestion. Will look into it. This message contains inline PGP material tagged as text/x-pgp. I'd be curious to learn what kind of behaviour this causes. In particular, are those whose user agents aren't prepared to handle PGP by default able to display the "raw" clearsigned material without problems? Thanks, and kind regards, - -- Thomas Roessler -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBPi8vN9ImKUTOasbBAQL/iQgAvRAAcl/+s6dv9L3bo6LtJueHoZ3eR5KB iUnq9lAky5KO2cKG+giS7R2MeSSt4/BvWezPWoCyoQjMoJvIWR3+e8sOB3OoFZhU uJ+klrGP6LcXMeV0R1MOJ+pEEHVxEM8rHzcoEwaPkKCECC3WXg0c5R2PXNUO/723 EnV9dgtDo7kxz6WOo8heXlEP/2lSa9ogbTRaBgs4cx+QBBVbAEmTvxmzu1Jbjfg+ /WG/60lERXnnuJN3UE8nJcWMBJJKbacyijf4SaqX6PyknyGAr4FOIG7qguijIjpr OpGHOdNbyadpST9Y7tqDVfH5ubKwTNRvKLjZr2zOT40ipAvWr9fT6A== =CPvZ -----END PGP SIGNATURE----- Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0MNhdQ03213 for ietf-openpgp-bks; Wed, 22 Jan 2003 15:43:39 -0800 (PST) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.177]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0MNhbo03209 for ; Wed, 22 Jan 2003 15:43:37 -0800 (PST) Received: from [212.227.126.161] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 18bUWx-0005xT-00; Thu, 23 Jan 2003 00:43:39 +0100 Received: from [62.155.158.248] (helo=coruscant.does-not-exist.org) by mrelayng.kundenserver.de with asmtp (Exim 3.35 #1) id 18bUWw-0008Vv-00; Thu, 23 Jan 2003 00:43:39 +0100 Received: by coruscant.does-not-exist.org (Postfix, from userid 1000) id ACA9D2ED24; Wed, 22 Jan 2003 23:37:54 +0100 (CET) Date: Wed, 22 Jan 2003 23:37:54 +0100 From: Thomas Roessler To: Michael Young , ned.freed@mrochek.com Cc: ietf-openpgp@imc.org Subject: Re: Standardizing inline PGP for e-mail? Message-ID: <20030122223754.GC26081@coruscant.does-not-exist.org> Mail-Followup-To: Michael Young , ned.freed@mrochek.com, ietf-openpgp@imc.org References: <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> <01KRJCWNQOIK002DEU@mauve.mrochek.com> <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <01KRJCWNQOIK002DEU@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> User-Agent: Mutt/1.5.3i Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: On 2003-01-22 14:30:48 -0500, Michael Young wrote: > This only seems useful if you convince *forward-looking* user > agents to adopt it, for the benefit of those using naive user > agents. That seems unlikely, as many of them have picked up on > PGP/MIME, and would view this as a step backwards. But I'm happy > for you to write it up. Maybe I should explain the rationale somewhat more. First of all, with mutt, we generally try to parse things as late as possible -- scanning text/plain for signs of encrypted or signed material is an action which explicitly has to be triggered by the user. From that point of view, having a separate content type is certainly the thing to do. On the other hand, we had lots of complaints when we were using an application/ content type for inline PGP messages (from those who insisted in sending and receiving inline messages). So we were looking for a way to generate inline messages which can (1) be handled by users with pgp-agnostic user agents, and (2) be recognized as PGP-messages early in the parsing process. A MIME parameter for text/plain looked like an easy way to do this. On 2003-01-22 13:29:07 -0800, ned.freed@mrochek.com wrote: > I never suggested any such thing. What I suggest was a different > subtype of text. Thanks for that suggestion. Will look into it. -- Thomas Roessler Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0MLa6Y28606 for ietf-openpgp-bks; Wed, 22 Jan 2003 13:36:06 -0800 (PST) Received: from mauve.mrochek.com (mauve.mrochek.com [209.55.107.55]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0MLa5o28602 for ; Wed, 22 Jan 2003 13:36:05 -0800 (PST) Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01KRJCAQ6VBK002DEU@mauve.mrochek.com> for ietf-openpgp@imc.org; Wed, 22 Jan 2003 13:36:06 -0800 (PST) Date: Wed, 22 Jan 2003 13:29:07 -0800 (PST) From: ned.freed@mrochek.com Subject: Re: Standardizing inline PGP for e-mail? In-reply-to: "Your message dated Wed, 22 Jan 2003 14:30:48 -0500" <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> To: Michael Young Cc: ietf-openpgp@imc.org Message-id: <01KRJCWNQOIK002DEU@mauve.mrochek.com> MIME-version: 1.0 Content-type: TEXT/PLAIN; charset=iso-8859-1 Content-transfer-encoding: 7BIT References: <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: > > Such usage clearly violates RFC 2046 section 4.1.3, which states > > that text/plain is intended for material that isn't formatted in any way: > Based on my reading of the RFC excerpt that Ned provided, I disagree, > for clearsigned messages. No interpretation is *necessary* for > proper display -- an agent can simply show the whole mess. > (The MIME charset header would apply, I presume.) This sure sounds like sophistry to me. And as it happens I'm the one who wrote this text. I can assure you that the intent was to ban the use of text/plain for formatted materials. This was the consensus at the time, and subsequent abuse of the type have if anything strengthened the validity of this take on things. > Switching to yet another MIME multipart scheme won't help. I never suggested any such thing. What I suggest was a different subtype of text. Ned Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0MJW4C23663 for ietf-openpgp-bks; Wed, 22 Jan 2003 11:32:04 -0800 (PST) Received: from xfw.transarc.ibm.com (xfw.transarc.ibm.com [192.54.226.51]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0MJW2o23658 for ; Wed, 22 Jan 2003 11:32:02 -0800 (PST) Received: from mailhost.transarc.ibm.com (mailhost.transarc.ibm.com [9.38.192.124]) by xfw.transarc.ibm.com (AIX4.3/UCB 8.7/8.7) with ESMTP id OAA62336 for ; Wed, 22 Jan 2003 14:16:46 -0500 (EST) Received: from mwyoung (dhcp-193-40.transarc.ibm.com [9.38.193.240]) by mailhost.transarc.ibm.com (8.8.0/8.8.0) with SMTP id OAA01953 for ; Wed, 22 Jan 2003 14:31:58 -0500 (EST) Message-ID: <003e01c2c24c$c474fee0$f0c12609@transarc.ibm.com> From: "Michael Young" To: References: <20030122152135.GA17189@coruscant.does-not-exist.org> <01KRJ4SVE10G00AE20@mauve.mrochek.com> Subject: Re: Standardizing inline PGP for e-mail? Date: Wed, 22 Jan 2003 14:30:48 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I use mail agents that are PGP/MIME-naive (including one that is MIME-aware, but that makes PGP/MIME messages painful to read), so I'm generally appreciative of what Thomas is trying to do here. But, I'll admit I'm not a MIME specification expert. Quotes are from , > and "Thomas Roessler" > > It seems like inline PGP messages just can't be eradicated, despite > > all the PGP/MIME we have. I'm wondering if it would be reasonable > > to produce an RFC on (1) how to tag this on the MIME level, and (2) > > how to avoid character set problems. This only seems useful if you convince *forward-looking* user agents to adopt it, for the benefit of those using naive user agents. That seems unlikely, as many of them have picked up on PGP/MIME, and would view this as a step backwards. But I'm happy for you to write it up. Those of us using naive user agents will continue to clearsign by hand. (I'm in no position to inject any MIME tags manually.) > Such usage clearly violates RFC 2046 section 4.1.3, which states > that text/plain is intended for material that isn't formatted in any way: Based on my reading of the RFC excerpt that Ned provided, I disagree, for clearsigned messages. No interpretation is *necessary* for proper display -- an agent can simply show the whole mess. (The MIME charset header would apply, I presume.) > Sounds fine, but it begs the question of why, if you're going to introduce a > major operationaal change to how PGP signs things, you don't just change to > generating multipart/signed. It seems that the point is to use a simple MIME type that can be displayed by PGP/MIME-naive agents, or that are acceptable in places that discourage complicated MIME messages (like some newsgroups and mailing lists). Switching to yet another MIME multipart scheme won't help. (I also wouldn't call this an operational change to how PGP signs things -- the actual signing doesn't change. We're simply talking about the MIME wrapping done by the mail user agent.) > > 3. Encrypted messages are likewise converted to UTF-8 before they > > are passed to OpenPGP. Once again, there is no Charset header on > > the ASCII armor. However, on the MIME level, the message will be > > us-ascii -- we're using ASCII armor. Here, it may be fair to argue that this violates the plain/text guidelines. But, what's the harm, if that's what I really want my agent to do in order to make (some of) my recipients happy? Since some agents are going to do this technically-non-compliant thing, Thomas is simply trying to reach agreement on how they do it. -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQA/AwUBPi7xS+c3iHYL8FknEQK/IgCgtOsOhHSyqW3sHsWtKvW/cMI2eyAAn26C PrBeAm2691JS85PBq3+wkcnE =auuv -----END PGP SIGNATURE----- Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0MJCEh22616 for ietf-openpgp-bks; Wed, 22 Jan 2003 11:12:14 -0800 (PST) Received: from fnord.ir.bbn.com (FNORD.IR.BBN.com [192.1.100.210]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0MJCDo22612 for ; Wed, 22 Jan 2003 11:12:13 -0800 (PST) Received: by fnord.ir.bbn.com (Postfix, from userid 10853) id 3B11B3F34; Wed, 22 Jan 2003 14:12:15 -0500 (EST) To: Thomas Roessler Cc: ietf-openpgp@imc.org Subject: Re: Standardizing inline PGP for e-mail? References: <20030122152135.GA17189@coruscant.does-not-exist.org> From: Greg Troxel Date: 22 Jan 2003 14:12:14 -0500 In-Reply-To: Thomas Roessler's message of "Wed, 22 Jan 2003 16:21:36 +0100" Message-ID: Lines: 27 X-Mailer: Gnus v5.7/Emacs 20.7 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: I'm not very clueful about MIME and I18N, so I post with some trepidation. Given Ned's comments, how about "text/openpgp"? This would specify the type of the content in the type, and whether the contents are a key block, encrypted message, signed message, or clearsigned message is already in the contents. It sounds like for messages which are in ASCII, the conversion to UTF-8 is a no-op. To me, part of the point of backwards compatibility is ensuring that an MUA can deal with incoming messages of the form that have been commonly sent for years. emacs/mh-e/mailcrypt, for example, does not insert any MIME headers at all. So, it seems an MUA has to scan a text/plain or a non-MIME message for PGP headers, and process it if they are present. Having messages tagged as the standard would make it reasonable to make this either an explicit user command to process untagged messages or an option that could be defaulted to off. I suppose it all comes down to one's opinion on whether it is reasonable to send PGP with a non-MIME-aware MUA. I do this all the time, and think it is a reasonable thing to want to do. (Opinions on a mh-e/RMAIL style interface that does PGP/MIME nicely are welcome offlist.) Greg Troxel Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0MHi0V19916 for ietf-openpgp-bks; Wed, 22 Jan 2003 09:44:00 -0800 (PST) Received: from mauve.mrochek.com (mauve.mrochek.com [209.55.107.55]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0MHhxo19912 for ; Wed, 22 Jan 2003 09:43:59 -0800 (PST) Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01KRI9YI897K00AE20@mauve.mrochek.com> for ietf-openpgp@imc.org; Wed, 22 Jan 2003 09:43:59 -0800 (PST) Date: Wed, 22 Jan 2003 09:31:56 -0800 (PST) From: ned.freed@mrochek.com Subject: Re: Standardizing inline PGP for e-mail? In-reply-to: "Your message dated Wed, 22 Jan 2003 16:21:36 +0100" <20030122152135.GA17189@coruscant.does-not-exist.org> To: Thomas Roessler Cc: ietf-openpgp@imc.org Message-id: <01KRJ4SVE10G00AE20@mauve.mrochek.com> MIME-version: 1.0 Content-type: TEXT/PLAIN; CHARSET=us-ascii Content-transfer-encoding: 7BIT References: <20030122152135.GA17189@coruscant.does-not-exist.org> Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: > It seems like inline PGP messages just can't be eradicated, despite > all the PGP/MIME we have. I'm wondering if it would be reasonable > to produce an RFC on (1) how to tag this on the MIME level, and (2) > how to avoid character set problems. > Here's the simple proposal (in rough words), as currently > implemented in the Mutt mail user agent. > 1. Inline PGP messages use text/plain as their MIME type. Inline > PGP material is announced in an additional MIME parameter (we call > it x-action right now), which can take the values "pgp-encrypt", > "pgp-sign". Such usage clearly violates RFC 2046 section 4.1.3, which states that text/plain is intended for material that isn't formatted in any way: Plain text is intended to be displayed "as-is", that is, no interpretation of embedded formatting commands, font attribute specifications, processing instructions, interpretation directives, or content markup should be necessary for proper display It also violates the intended use of media type parameters, which are supposed to qualify the format being used rather than identifying it. Format identification is supposed to be done by the media type. Additionally, your typical user agent is far better equipped to dispatch off a media subtype than it is to dispatch on a media type parameter value. Finally, situations exist in non-IETF standards where media types are used without allowing for media type parameters. (That such a situation has come into being is unfortunate, but not something we can do anything about.) This is a total nonstarter IMO. Use of a subtype other than text is a possibility, assuming of course that the idea itself holds water. > 2. Clearsigned messages are converted to UTF-8 before they are > signed and sent. Since UTF-8 is OpenPGP's standard text character > set, there is no Charset armor header. The MIME charset header is > set to utf-8 as well. Sounds fine, but it begs the question of why, if you're going to introduce a major operationaal change to how PGP signs things, you don't just change to generating multipart/signed. > 3. Encrypted messages are likewise converted to UTF-8 before they > are passed to OpenPGP. Once again, there is no Charset header on > the ASCII armor. However, on the MIME level, the message will be > us-ascii -- we're using ASCII armor. Again, a separate media type is going to be needed. Ned Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id h0MFLqh12540 for ietf-openpgp-bks; Wed, 22 Jan 2003 07:21:52 -0800 (PST) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.183]) by above.proper.com (8.11.6/8.11.3) with ESMTP id h0MFLno12536 for ; Wed, 22 Jan 2003 07:21:50 -0800 (PST) Received: from [212.227.126.160] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 18bMhK-0003ma-00 for ietf-openpgp@imc.org; Wed, 22 Jan 2003 16:21:50 +0100 Received: from [62.155.158.172] (helo=coruscant.does-not-exist.org) by mrelayng.kundenserver.de with asmtp (Exim 3.35 #1) id 18bMhJ-0005hx-00 for ietf-openpgp@imc.org; Wed, 22 Jan 2003 16:21:49 +0100 Received: by coruscant.does-not-exist.org (Postfix, from userid 1000) id 1A9962ED25; Wed, 22 Jan 2003 16:21:37 +0100 (CET) Date: Wed, 22 Jan 2003 16:21:36 +0100 From: Thomas Roessler To: ietf-openpgp@imc.org Subject: Standardizing inline PGP for e-mail? Message-ID: <20030122152135.GA17189@coruscant.does-not-exist.org> Mail-Followup-To: ietf-openpgp@imc.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.3i Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: It seems like inline PGP messages just can't be eradicated, despite all the PGP/MIME we have. I'm wondering if it would be reasonable to produce an RFC on (1) how to tag this on the MIME level, and (2) how to avoid character set problems. Here's the simple proposal (in rough words), as currently implemented in the Mutt mail user agent. 1. Inline PGP messages use text/plain as their MIME type. Inline PGP material is announced in an additional MIME parameter (we call it x-action right now), which can take the values "pgp-encrypt", "pgp-sign". 2. Clearsigned messages are converted to UTF-8 before they are signed and sent. Since UTF-8 is OpenPGP's standard text character set, there is no Charset armor header. The MIME charset header is set to utf-8 as well. 3. Encrypted messages are likewise converted to UTF-8 before they are passed to OpenPGP. Once again, there is no Charset header on the ASCII armor. However, on the MIME level, the message will be us-ascii -- we're using ASCII armor. What's gained by this? You don't have to look at the contents of body parts in order to identify PGP material, which saves you a lot of time. You don't have the complications with non-compliant mail user agents which are caused by content types like application/pgp. You avoid character set conversion confusions. If there is any interest in documenting this as an RFC, I'd be willing to do the drafting. Regards, -- Thomas Roessler