From subs-reminder@imc.org  Tue Apr  6 22:33:28 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA28616
	for <openpgp-archive@lists.ietf.org>; Tue, 6 Apr 2004 22:33:27 -0400 (EDT)
From: subs-reminder@imc.org
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i372XMtO035244
	for <openpgp-archive@lists.ietf.org>; Tue, 6 Apr 2004 19:33:22 -0700 (PDT)
	(envelope-from subs-reminder@imc.org)
Received: (from root@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i372XMg7035243;
	Tue, 6 Apr 2004 19:33:22 -0700 (PDT)
Date: Tue, 6 Apr 2004 19:33:22 -0700 (PDT)
Message-Id: <200404070233.i372XMg7035243@above.proper.com>
To: openpgp-archive@ietf.org
Subject: [[917218859]] Subscription to ietf-openpgp for openpgp-archive@lists.ietf.org

Greetings. This message is a periodic reminder that
     openpgp-archive@lists.ietf.org
is subscribed to the
     ietf-openpgp
mailing list.

*** SEE BELOW: PLEASE DO NOT RESPOND TO THIS MESSAGE. ***

There are two purposes for this message:
- If this message is bounced by your mail server, I can remove you from
  the mailing list and reduce waste of bandwidth and resources. (If you
  are reading this message, it clearly didn't get bounced!)
- Some people stay subscribed to mailing lists even though they do not
  want to because they do not know how to unsubscribe. 

If you want to stay subscribed to the ietf-openpgp mailing list,
you do not need to do anything. Feel free to delete this message.

On the other hand, if you want to unsubscribe from this list, simply go
to the following link:
     <http://www.imc.org/Unsubs/917218859>

If for some reason you cannot go to that web site, you can also
unsubscribe by email; however, doing so is not as likely to get you
unsubscribed as the web site is. To unsubscribe using email, you can
respond to this message and I will unsubscribe you by hand in the next
few days. Again, this is not assured to work because your mail system
may make it impossible for me to determine who you are or what you want
to unsubscribe to.

Alternatively, you can send a plain-text message to:
     ietf-openpgp-request@imc.org
with the single word
     unsubscribe
in the body of the message. This last method assumes that the "From:"
address in your mail is "openpgp-archive@lists.ietf.org". Again, using the
web site above is more likely to work than this method (due to limitations
in Majordomo, the mailing list software we currently use).

If you have any questions, feel free to contact me.

--Paul Hoffman, list administrator


From owner-ietf-openpgp@mail.imc.org  Thu Apr 15 12:13:10 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA02313
	for <openpgp-archive@lists.ietf.org>; Thu, 15 Apr 2004 12:13:08 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3FFl13G072044;
	Thu, 15 Apr 2004 08:47:01 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3FFl1mY072043;
	Thu, 15 Apr 2004 08:47:01 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from foobar.cs.jhu.edu (foobar.cs.jhu.edu [128.220.13.173])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3FFl05W072037
	for <ietf-openpgp@imc.org>; Thu, 15 Apr 2004 08:47:00 -0700 (PDT)
	(envelope-from dshaw@jabberwocky.com)
Received: from claude.jabberwocky.com (walrus.ne.client2.attbi.com [24.60.132.70])
	by foobar.cs.jhu.edu (8.11.6/8.11.6) with ESMTP id i3FFl1S15411
	for <ietf-openpgp@imc.org>; Thu, 15 Apr 2004 11:47:02 -0400
Received: (from dshaw@localhost)
	by claude.jabberwocky.com (8.11.6/8.11.6) id i3FFkuH10179
	for ietf-openpgp@imc.org; Thu, 15 Apr 2004 11:46:56 -0400
Date: Thu, 15 Apr 2004 11:46:56 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: "Yes, I can handle PGP/MIME"
Message-ID: <20040415154656.GA9480@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
X-Request-PGP: http://www.jabberwocky.com/david/keys.asc
X-Phase-Of-Moon: The Moon is Waning Crescent (16% of Full)
User-Agent: Mutt/1.5.6i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


The PGP/MIME vs inline discussion seems to be on an up-cycle, and it
showed up on both the PGP and GnuPG mailing lists in the past week.

I don't mean to revisit the debate itself, so suffice to say that some
people use it, some people don't use it, some people can't use it, and
there are difficulties when a user sends PGP/MIME to someone who can't
handle it.

Given all that, would there be some benefit in a standard way for a
user to advertise that he can handle PGP/MIME?  Specifically, a
"features" subpacket bit to say "I can handle PGP/MIME".

It's important not to read too much into such a feature bit.  Having
the bit set does not mean that PGP/MIME must be used, and having the
bit unset does not mean that PGP/MIME must not be used.  A PGP/MIME
bit, rather like the MDC bit, simply means that the user is capable of
handling a PGP/MIME message.  How a sender handles that extra
information is up to him.  Senders remain free to use configuration,
heuristics, guessing, or whatever methods they like to decide when to
use PGP/MIME.

To be sure, this is a little odd since OpenPGP/MIME and OpenPGP are
two different things, and 2440bis is not the OpenPGP/MIME spec.
Nevertheless, since you can't do OpenPGP/MIME without OpenPGP, it
would be convenient to be able to advertise this capability via
OpenPGP.

Proposed text:

In section 5.2.3.24, add:

   0x02 - Recipient is capable of handling OpenPGP/MIME (RFC-3156).

In the same section, change this sentence:

    In the case of Modification Detection, an implementation may
    freely infer this feature from other suitable
    implementation-dependent mechanisms.

to:

    In the case of Modification Detection and OpenPGP/MIME, an
    implementation may freely infer this feature from other suitable
    implementation-dependent mechanisms.

David



From owner-ietf-openpgp@mail.imc.org  Thu Apr 15 12:39:26 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA03478
	for <openpgp-archive@lists.ietf.org>; Thu, 15 Apr 2004 12:39:25 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3FGMt6j074533;
	Thu, 15 Apr 2004 09:22:55 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3FGMtp3074532;
	Thu, 15 Apr 2004 09:22:55 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from omgo.iij.ad.jp (omgo.iij.ad.jp [202.232.30.157])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3FGMsj6074526
	for <ietf-openpgp@imc.org>; Thu, 15 Apr 2004 09:22:54 -0700 (PDT)
	(envelope-from kazu@iijlab.net)
Received: OMGO id i3FGMuxE020363; Fri, 16 Apr 2004 01:22:56 +0900 (JST)
Received: OTM-MIX0 id i3FGMtLl019628; Fri, 16 Apr 2004 01:22:55 +0900 (JST)
Received: JC-SMTP from localhost (jc-ssh.iij.ad.jp [192.168.174.22])
	id i3FGMsxP015873; Fri, 16 Apr 2004 01:22:55 +0900 (JST)
Date: Fri, 16 Apr 2004 01:22:32 +0900 (JST)
Message-Id: <20040416.012232.146562382.kazu@iijlab.net>
To: dshaw@jabberwocky.com
Cc: ietf-openpgp@imc.org
Subject: Re: "Yes, I can handle PGP/MIME"
From: Kazu Yamamoto (山本和彦) <kazu@iijlab.net>
In-Reply-To: <20040415154656.GA9480@jabberwocky.com>
References: <20040415154656.GA9480@jabberwocky.com>
X-Mailer: Mew version 4.0.65 on Emacs 21.3.50 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


From: David Shaw <dshaw@jabberwocky.com>
Subject: "Yes, I can handle PGP/MIME"

> Given all that, would there be some benefit in a standard way for a
> user to advertise that he can handle PGP/MIME?  Specifically, a
> "features" subpacket bit to say "I can handle PGP/MIME".

Interesting.

But I have a simple question:

Suppose Alice delivered her public key which says I can't handle
PGP/MIME. Then Alice comes to be able to handle PGP/MIME. How can she
deliver her (new) public key which says I can handle PGP/MIME,
obsoleting old one?

--Kazu



From owner-ietf-openpgp@mail.imc.org  Thu Apr 15 12:54:17 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA04278
	for <openpgp-archive@lists.ietf.org>; Thu, 15 Apr 2004 12:54:16 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3FGZgiF076093;
	Thu, 15 Apr 2004 09:35:42 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3FGZgaC076092;
	Thu, 15 Apr 2004 09:35:42 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from foobar.cs.jhu.edu (foobar.cs.jhu.edu [128.220.13.173])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3FGZfsc076085
	for <ietf-openpgp@imc.org>; Thu, 15 Apr 2004 09:35:42 -0700 (PDT)
	(envelope-from dshaw@jabberwocky.com)
Received: from claude.jabberwocky.com (walrus.ne.client2.attbi.com [24.60.132.70])
	by foobar.cs.jhu.edu (8.11.6/8.11.6) with ESMTP id i3FGZhS16238;
	Thu, 15 Apr 2004 12:35:43 -0400
Received: (from dshaw@localhost)
	by claude.jabberwocky.com (8.11.6/8.11.6) id i3FGZcI10543;
	Thu, 15 Apr 2004 12:35:38 -0400
Date: Thu, 15 Apr 2004 12:35:38 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: Kazu Yamamoto <kazu@iijlab.net>
Cc: ietf-openpgp@imc.org
Subject: Re: "Yes, I can handle PGP/MIME"
Message-ID: <20040415163538.GB9480@jabberwocky.com>
Mail-Followup-To: Kazu Yamamoto <kazu@iijlab.net>, ietf-openpgp@imc.org
References: <20040415154656.GA9480@jabberwocky.com> <20040416.012232.146562382.kazu@iijlab.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20040416.012232.146562382.kazu@iijlab.net>
X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
X-Request-PGP: http://www.jabberwocky.com/david/keys.asc
X-Phase-Of-Moon: The Moon is Waning Crescent (16% of Full)
User-Agent: Mutt/1.5.6i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Fri, Apr 16, 2004 at 01:22:32AM +0900, Kazu Yamamoto wrote:
> From: David Shaw <dshaw@jabberwocky.com>
> Subject: "Yes, I can handle PGP/MIME"
> 
> > Given all that, would there be some benefit in a standard way for a
> > user to advertise that he can handle PGP/MIME?  Specifically, a
> > "features" subpacket bit to say "I can handle PGP/MIME".
> 
> Interesting.
> 
> But I have a simple question:
> 
> Suppose Alice delivered her public key which says I can't handle
> PGP/MIME. Then Alice comes to be able to handle PGP/MIME. How can she
> deliver her (new) public key which says I can handle PGP/MIME,
> obsoleting old one?

The same way she handles it if she changes her OpenPGP program to one
that can handle MDC, or has different ciphers, or changes her
expiration date.  This is a standard thing in OpenPGP.  All of the
various informational subpackets can be rewritten if their information
changes.

Section 5.2.3.3 says:

    Since a self-signature contains important information about the
    key's use, an implementation SHOULD allow the user to rewrite the
    self-signature, and important information in it, such as
    preferences and key expiration.

David



From owner-ietf-openpgp@mail.imc.org  Thu Apr 15 18:42:05 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA06271
	for <openpgp-archive@lists.ietf.org>; Thu, 15 Apr 2004 18:42:05 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3FMM9ir023789;
	Thu, 15 Apr 2004 15:22:09 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3FMM9EK023788;
	Thu, 15 Apr 2004 15:22:09 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3FMM88a023773
	for <ietf-openpgp@imc.org>; Thu, 15 Apr 2004 15:22:08 -0700 (PDT)
	(envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with
 ESMTP (Eudora Internet Mail Server X 3.2.3) for <ietf-openpgp@imc.org>;
 Thu, 15 Apr 2004 15:22:08 -0700
Received: from [63.251.255.205] ([63.251.255.205])
  by keys.merrymeet.com (PGP Universal service);
  Thu, 15 Apr 2004 15:22:07 -0700
In-Reply-To: <20040415154656.GA9480@jabberwocky.com>
References: <20040415154656.GA9480@jabberwocky.com>
Mime-Version: 1.0 (Apple Message framework v613)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <4801860D-8F2B-11D8-BD2F-000A9568596C@callas.org>
Content-Transfer-Encoding: 7bit
Cc: ietf-openpgp@imc.org
From: Jon Callas <jon@callas.org>
Subject: Re: "Yes, I can handle PGP/MIME"
Date: Thu, 15 Apr 2004 15:21:46 -0700
To: David Shaw <dshaw@jabberwocky.com>
X-Mailer: Apple Mail (2.613)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


I have no problem with it. I'm a firm believer that we should be 
specifying syntax, and this is valuable syntax.

	Jon



From owner-ietf-openpgp@mail.imc.org  Fri Apr 16 04:12:03 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA21828
	for <openpgp-archive@lists.ietf.org>; Fri, 16 Apr 2004 04:12:02 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3G7qB6T080571;
	Fri, 16 Apr 2004 00:52:11 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3G7qBk6080569;
	Fri, 16 Apr 2004 00:52:11 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from zbasel.fortytwo.ch (zbasel.fortytwo.ch [212.254.206.135])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3G7qApX080523
	for <ietf-openpgp@imc.org>; Fri, 16 Apr 2004 00:52:10 -0700 (PDT)
	(envelope-from avbidder@fortytwo.ch)
Received: from pc-4514.ethz.ch (pc-4514.ethz.ch [129.132.57.72])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "pc-4514.ethz.ch", Issuer "fortytwo.ch CA certificate" (verified OK))
	by zbasel.fortytwo.ch (Postfix) with ESMTP id 6AF1C4B
	for <ietf-openpgp@imc.org>; Fri, 16 Apr 2004 09:52:05 +0200 (CEST)
Received: by pc-4514.ethz.ch (Postfix, from userid 1000)
	id 066DF25DA23; Fri, 16 Apr 2004 09:52:04 +0200 (CEST)
From: "Adrian 'Dagurashibanipal' von Bidder" <avbidder@fortytwo.ch>
To: ietf-openpgp@imc.org
Subject: Re: "Yes, I can handle PGP/MIME"
Date: Fri, 16 Apr 2004 09:52:03 +0200
User-Agent: KMail/1.6.1
References: <20040415154656.GA9480@jabberwocky.com>
In-Reply-To: <20040415154656.GA9480@jabberwocky.com>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: Text/Plain;
  charset="iso-8859-1"
Message-Id: <200404160952.04791@fortytwo.ch>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id i3G7qBpX080564
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 15 April 2004 17.46, David Shaw wrote:

> Given all that, would there be some benefit in a standard way for a
> user to advertise that he can handle PGP/MIME?  Specifically, a
> "features" subpacket bit to say "I can handle PGP/MIME".

Since this is completely unrelated to OpenPGP itself, isn't this a good 
case for a notation packet on the selfsig? The big advantage is that 
this could be specified in the proper document - the one specifying 
PGP/MIME (well, when it is revised the next time), or in a document 
updating rfc3156.

I feel it is bad design to bloat the OpenPGP spec with application 
specific things like this (even when email is the dominant application 
of OpenPGP at this time.)

Notation 'pgp-mime=accept' or 'rfc3156=accept' or 'email=rfc3156' or ... 
(Hmmm. I like the latter - perhaps there will be other options on how 
email should be formatted etc., and it would allow 'email=clearsigned' 
if somebody wants to explicitly discourage PGP/MIME usage.)

greetings
- -- vbi

- -- 
featured link: http://fortytwo.ch/gpg/subkeys
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: get my key from http://fortytwo.ch/gpg/92082481

iKcEARECAGcFAkB/kKNgGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h
aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjUmbWQ1c3VtPTVkZmY4NjhkMTE4NDMyNzYw
NzFiMjVlYjcwMDZkYTNlAAoJECqqZti935l6GuoAn1iQRdwX/fD6dUVeVau02Qaa
3d3sAJ0a9ybkJPg4RSgdrhcS2iaGO208dQ==
=hOZU
-----END PGP SIGNATURE-----



From owner-ietf-openpgp@mail.imc.org  Fri Apr 16 05:40:31 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA25984
	for <openpgp-archive@lists.ietf.org>; Fri, 16 Apr 2004 05:40:30 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3G9PKwf021605;
	Fri, 16 Apr 2004 02:25:20 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3G9PKsQ021604;
	Fri, 16 Apr 2004 02:25:20 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from serpent.cyphers.net (rijndael.cyphers.net [64.220.173.144])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3G9PJFn021579
	for <ietf-openpgp@imc.org>; Fri, 16 Apr 2004 02:25:19 -0700 (PDT)
	(envelope-from wprice@cyphers.net)
Received: from serpent.cyphers.net (localhost [127.0.0.1])
	by serpent.cyphers.net (Postfix) with ESMTP id 0A73C532990
	for <ietf-openpgp@imc.org>; Fri, 16 Apr 2004 02:25:18 -0700 (PDT)
Received: from cyphers.net ([64.220.173.146])
  by serpent.cyphers.net (PGP Universal service);
  Fri, 16 Apr 2004 02:25:18 -0700
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on mail.cyphers.net
X-Spam-Status: No, hits=-4.7 required=3.0 tests=AWL,BAYES_00 autolearn=ham  version=2.63
X-TFF-CGPSA-Version: 1.2.4
X-TFF-CGPSA-Filter: Scanned
Received: from keys.cyphers.net (account wprice [64.220.173.170] verified)
  by cyphers.net (CommuniGate Pro SMTP 4.1.8)
  with ESMTP id 1672872 for ietf-openpgp@imc.org; Fri, 16 Apr 2004 02:25:06 -0700
Received: from safer.cyphers.net ([64.220.173.134])
  by keys.cyphers.net (PGP Universal service);
  Fri, 16 Apr 2004 02:25:06 -0700
Received: from [64.220.173.134]
  by safer.cyphers.net (PGP Universal service);
  Fri, 16 Apr 2004 02:25:06 -0700
X-PGP-Universal: processed
Mime-Version: 1.0 (Apple Message framework v613)
In-Reply-To: <20040415154656.GA9480@jabberwocky.com>
References: <20040415154656.GA9480@jabberwocky.com>
Message-Id: <E23283E2-8F87-11D8-821A-000393D54CCC@cyphers.net>
From: Will Price <wprice@cyphers.net>
Subject: Re: "Yes, I can handle PGP/MIME"
Date: Fri, 16 Apr 2004 02:24:38 -0700
To: ietf-openpgp@imc.org
X-Mailer: Apple Mail (2.613)
Content-Type: text/plain; format=flowed; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In the absence of a definitive non-advisory flag, we solved this 
problem over a year ago, and the solution is now deployed in many 
versions of shipping products. Since PGP products never (before PGP 
Universal) generated the preferred keyserver attribute on keys, we 
consider PGP/MIME to be a preferred encoding format if the recipient 
key has this flag. If the flag does not appear, we use Legacy encoding 
(to be distinguished from the simplistic "inline" encoding concept as 
real scenarios such as sending HTML, RTF, encoded multiparts, and 
attachments properly in a method compatible with legacy products 
requires far more work when not using PGP/MIME than simply encrypting a 
block of "inline" plaintext).

Given that most PGP products before PGP Universal did not support 
PGP/MIME, and the only extant keys with said flag were some GPG keys, 
and most GPG front ends both require and only support PGP/MIME, it was 
a logical choice which has worked out well.

Thus, we would have no use for such a flag (if you had posted your 
message two years ago, that would be a different answer). I don't 
anticipate any major email scenarios in the future which will not 
support at least the decoding of PGP/MIME. PGP products either do now 
or will use this flag in the way indicated above. Since most GPG front 
ends already require PGP/MIME and often set this flag on keys, the 
waters are already moving in the proper direction.

Email formats are becoming ever more complex. PGP/MIME is the only 
standard solution on the table. Legacy encoding methods can be created 
to encapsulate MIME in a non-PGP/MIME way for maximum backwards 
compatibility as we have done with PGP Universal, but the complexity of 
creating an actual standard around such methods far exceeds the 
complexity of filling in the last few pieces in the transition to 
PGP/MIME.

The illusion here is that there is an alternative to PGP/MIME. That 
illusion is rapidly dispelled after careful analysis of all the kinds 
of email from every mailer and every mail system are thrown into the 
pot and we try to figure out how to encode them all without PGP/MIME. 
It is relatively hopeless to have 100% accuracy like PGP/MIME. Should 
legacy formats still be used in some cases and possibly even for 
decades to come?  Quite likely. There are some simple text/plain 
scenarios where using PGP/MIME just isn't worth the possibility of a 
compatibility issue. The reality is that the vast majority of email no 
longer falls into that category.

While this was a bit of a hack, the facts on keys in the field match 
the usage of the attribute and all signs point to that continuing. I 
believe over the next two years we will find that the remaining 
deployed population unable to decode PGP/MIME will have dwindled to 
insignificant levels. Meanwhile, anything we discussed here right now 
would not have any measurable deployment until likely 2005. Thus, I 
would suggest that if you find yourself needing such a flag, adopting 
the same method would be the most advisable and simplest solution which 
has the advantage of already being deployed.


On Apr 15, 2004, at 8:46 AM, David Shaw wrote:
> Given all that, would there be some benefit in a standard way for a
> user to advertise that he can handle PGP/MIME?  Specifically, a
> "features" subpacket bit to say "I can handle PGP/MIME".


- --
Will Price, VP Engineering
PGP Corporation


-----BEGIN PGP SIGNATURE-----
Version: PGP Universal Satellite 1.2.0 (Build 182)

iQA/AwUBQH+mcqy7FkvPc+xMEQLnVgCg2UA1tg9NpTg4BJYsBWaDGr4N3QYAn3FG
f7PCObydphKV/ieWNSzAoq2O
=XNK6
-----END PGP SIGNATURE-----
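All three signals discussed so far live in signature subpackets on the key's self-signature: David's proposed Features bit (section 5.2.3.24), Adrian's notation data idea (section 5.2.3.16), and the "preferred keyserver subpacket is present" heuristic Will describes. The following is an added example, not code from any poster, from GnuPG or from PGP Universal. It frames and parses a subpacket area per the length encoding in 5.2.3.1 and reports which hint, if any, is present. The 0x02 feature value is David's proposal and not in the spec, the notation name "email" follows Adrian's suggestion, and the keyserver URL in the sample is a constructed placeholder.

```python
"""Frame and parse OpenPGP signature subpackets to read a recipient's
"can handle PGP/MIME" hints.  Added example; not code from the thread."""

import struct

# Subpacket type numbers (RFC 2440bis section 5.2.3.1).
SUBPKT_NOTATION_DATA = 20
SUBPKT_PREFERRED_KEYSERVER = 24
SUBPKT_FEATURES = 30

# Features flags (section 5.2.3.24).  0x01 is the Modification Detection
# bit in the spec; 0x02 is the *proposed* PGP/MIME bit, an assumption here.
FEATURE_MDC = 0x01
FEATURE_PGP_MIME_PROPOSED = 0x02

NOTATION_HUMAN_READABLE = 0x80000000  # notation flag (section 5.2.3.16)


def encode_subpacket(sp_type, body, critical=False):
    """Frame one subpacket: length (covers the type octet), type, body."""
    n = len(body) + 1
    if n < 192:
        length = bytes([n])
    elif n < 8384:
        n -= 192
        length = bytes([(n >> 8) + 192, n & 0xFF])
    else:
        length = b"\xff" + struct.pack(">I", n)
    return length + bytes([sp_type | (0x80 if critical else 0)]) + body


def decode_subpackets(data):
    """Return [(type, critical, body), ...] for a hashed/unhashed area."""
    out, i = [], 0
    while i < len(data):
        o1 = data[i]
        i += 1
        if o1 < 192:
            n = o1
        elif o1 < 255:
            n = ((o1 - 192) << 8) + data[i] + 192
            i += 1
        else:
            n = struct.unpack(">I", data[i:i + 4])[0]
            i += 4
        if n < 1 or i + n > len(data):
            raise ValueError("truncated or malformed subpacket")
        t, body = data[i], data[i + 1:i + n]
        i += n
        out.append((t & 0x7F, bool(t & 0x80), body))
    return out


def encode_notation(name, value, human_readable=True):
    """Notation data body: 4 flag octets, name length, value length, name, value."""
    name_b, value_b = name.encode(), value.encode()
    flags = NOTATION_HUMAN_READABLE if human_readable else 0
    return struct.pack(">IHH", flags, len(name_b), len(value_b)) + name_b + value_b


def decode_notation(body):
    flags, m, n = struct.unpack(">IHH", body[:8])
    if len(body) != 8 + m + n:
        raise ValueError("notation lengths do not match body")
    return flags, body[8:8 + m].decode(), body[8 + m:8 + m + n].decode()


def pgp_mime_hints(subpacket_area):
    """Report every PGP/MIME signal found; the sender decides what to do."""
    hints = {"features_bit": False, "email_notation": None,
             "preferred_keyserver_present": False}
    for t, critical, body in decode_subpackets(subpacket_area):
        if t == SUBPKT_FEATURES and body and body[0] & FEATURE_PGP_MIME_PROPOSED:
            hints["features_bit"] = True
        elif t == SUBPKT_NOTATION_DATA:
            _flags, name, value = decode_notation(body)
            if name == "email":           # Adrian's 'email=rfc3156' idea
                hints["email_notation"] = value
        elif t == SUBPKT_PREFERRED_KEYSERVER:
            hints["preferred_keyserver_present"] = True   # Will's heuristic
    return hints


# Constructed sample self-signature subpacket area (not from a real key).
SAMPLE_AREA = (
    encode_subpacket(SUBPKT_FEATURES, bytes([FEATURE_MDC | FEATURE_PGP_MIME_PROPOSED]))
    + encode_subpacket(SUBPKT_NOTATION_DATA, encode_notation("email", "rfc3156"))
    + encode_subpacket(SUBPKT_PREFERRED_KEYSERVER, b"hkp://keys.example.org")
)
MDC_ONLY_AREA = encode_subpacket(SUBPKT_FEATURES, bytes([FEATURE_MDC]))

if __name__ == "__main__":
    print(pgp_mime_hints(SAMPLE_AREA))
    print(pgp_mime_hints(MDC_ONLY_AREA))
```

Note that `pgp_mime_hints` only reports; as David says, a set bit does not oblige the sender to use PGP/MIME, and the keyserver heuristic fires on any key that happens to carry a preferred-keyserver subpacket, which is the ambiguity Len objects to.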



From owner-ietf-openpgp@mail.imc.org  Fri Apr 16 06:26:17 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA27922
	for <openpgp-archive@lists.ietf.org>; Fri, 16 Apr 2004 06:26:16 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3GA8q1a029362;
	Fri, 16 Apr 2004 03:08:52 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3GA8q55029361;
	Fri, 16 Apr 2004 03:08:52 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from zbasel.fortytwo.ch (zbasel.fortytwo.ch [212.254.206.135])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3GA8pVp029347
	for <ietf-openpgp@imc.org>; Fri, 16 Apr 2004 03:08:51 -0700 (PDT)
	(envelope-from avbidder@fortytwo.ch)
Received: from pc-4514.ethz.ch (pc-4514.ethz.ch [129.132.57.72])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "pc-4514.ethz.ch", Issuer "fortytwo.ch CA certificate" (verified OK))
	by zbasel.fortytwo.ch (Postfix) with ESMTP id B50F1DB
	for <ietf-openpgp@imc.org>; Fri, 16 Apr 2004 12:08:51 +0200 (CEST)
Received: by pc-4514.ethz.ch (Postfix, from userid 1000)
	id 9E9BC25DA23; Fri, 16 Apr 2004 12:08:50 +0200 (CEST)
From: "Adrian 'Dagurashibanipal' von Bidder" <avbidder@fortytwo.ch>
To: ietf-openpgp@imc.org
Subject: Re: "Yes, I can handle PGP/MIME"
Date: Fri, 16 Apr 2004 12:08:45 +0200
User-Agent: KMail/1.6.1
References: <20040415154656.GA9480@jabberwocky.com> <E23283E2-8F87-11D8-821A-000393D54CCC@cyphers.net>
In-Reply-To: <E23283E2-8F87-11D8-821A-000393D54CCC@cyphers.net>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: Text/Plain;
  charset="iso-8859-1"
Message-Id: <200404161208.50370@fortytwo.ch>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id i3GA8qVp029354
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 16 April 2004 11.24, Will Price wrote:
[...]
> Email formats are becoming ever more complex. PGP/MIME is the only
> standard solution on the table.
[...] 

 - some people are not able to or do not want to use PGP/MIME for 
whatever reason
 - PGP/MIME might be replaced by yet another standard in the future.

I think, since userid are quite tightly bound to email addresses, that a 
way to tell the sender how the key owner expects to receive digitally 
signed/encrypted email is something that would solve an actual problem.

Remember, rfc1847 is now almost 10 years old, and rfc2015[*] is 8 years 
old, and still the dominant email client fails horribly on such 
messages, and still inline signed email is widely in use (you said that 
not many PGP products until recently supported PGP/MIME.) So I think 
being friendly to users of legacy solutions is one lesson one should 
have learned by now in the IT world.

greetings
- -- vbi


[*] yes, I know the current standard is 3156, but I think the 
differences do not matter for mailers *not* supporting that standard. 
In case the MIME rfcs are unclear on what to do with 
multipart/<unknown> messages, rfc1847 should be enough for people to be 
aware of the existence of such messages.
- -- 
featured link: http://fortytwo.ch/gpg/intro
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: get my key from http://fortytwo.ch/gpg/92082481

iKcEARECAGcFAkB/sLFgGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h
aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjUmbWQ1c3VtPTVkZmY4NjhkMTE4NDMyNzYw
NzFiMjVlYjcwMDZkYTNlAAoJECqqZti935l6mlYAoI9BucT9hemvtz3tpTmxRFgs
dT1PAJ4uvlfcXXe0axNx/GBJUri05JIYPg==
=vlLu
-----END PGP SIGNATURE-----



From owner-ietf-openpgp@mail.imc.org  Fri Apr 16 06:39:34 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA28720
	for <openpgp-archive@lists.ietf.org>; Fri, 16 Apr 2004 06:39:33 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3GAMcjn031319;
	Fri, 16 Apr 2004 03:22:38 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3GAMcUK031318;
	Fri, 16 Apr 2004 03:22:38 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from thetis.deor.org (thetis.deor.org [207.106.86.210])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3GAMbmA031303
	for <ietf-openpgp@imc.org>; Fri, 16 Apr 2004 03:22:37 -0700 (PDT)
	(envelope-from rabbi@abditum.com)
Received: by thetis.deor.org (Postfix, from userid 500)
	id AD9FA450AF; Fri, 16 Apr 2004 03:22:37 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by thetis.deor.org (Postfix) with ESMTP
	id 9D54E4802E; Fri, 16 Apr 2004 03:22:37 -0700 (PDT)
Date: Fri, 16 Apr 2004 03:22:37 -0700 (PDT)
From: Len Sassaman <rabbi@abditum.com>
X-X-Sender: rabbi@thetis.deor.org
To: Will Price <wprice@cyphers.net>
Cc: ietf-openpgp@imc.org
Subject: Re: "Yes, I can handle PGP/MIME"
In-Reply-To: <E23283E2-8F87-11D8-821A-000393D54CCC@cyphers.net>
Message-ID: <Pine.LNX.4.58.0404160312210.3533@thetis.deor.org>
References: <20040415154656.GA9480@jabberwocky.com>
 <E23283E2-8F87-11D8-821A-000393D54CCC@cyphers.net>
X-AIM: Elom777
X-icq: 10735603
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Fri, 16 Apr 2004, Will Price wrote:

> In the absence of a definitive non-advisory flag, we solved this
> problem over a year ago, and the solution is now deployed in many
> versions of shipping products. Since PGP products never (before PGP

For the record, I believe this "solution" to be ill-advised. Implementing
such hacks without discussion in this group will result in continued
compatibility issues between OpenPGP implementations.

I informed the product manager of PGP Universal of this error before the
product originally shipped, but was told it was too late to change tactics
at that point. Nevertheless, I still believe that the "preferred
keyserver" packet should indicate preferred keyservers, and that
MIME-encoding preferences should be indicated elsewhere.

Your solution is a hack, and an unnecessary one, since there is an elegant
means of expressing such information already built into OpenPGP -- the
notation data packet. I hope this is corrected in future releases of PGP
Universal.



--Len.



From owner-ietf-openpgp@mail.imc.org  Fri Apr 16 09:11:21 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA06294
	for <openpgp-archive@lists.ietf.org>; Fri, 16 Apr 2004 09:11:21 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3GCmJ5I051892;
	Fri, 16 Apr 2004 05:48:19 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3GCmJVq051891;
	Fri, 16 Apr 2004 05:48:19 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from www.enhyper.com (mailgate.enhyper.com [62.49.250.18])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3GCmICf051877
	for <ietf-openpgp@imc.org>; Fri, 16 Apr 2004 05:48:18 -0700 (PDT)
	(envelope-from iang@systemics.com)
Received: from systemics.com (localhost.localdomain [127.0.0.1])
	by www.enhyper.com (8.11.6/8.11.6) with ESMTP id i3GClkm24957;
	Fri, 16 Apr 2004 13:47:52 +0100
Message-ID: <407FD5CD.6010205@systemics.com>
Date: Fri, 16 Apr 2004 08:47:09 -0400
From: Ian Grigg <iang@systemics.com>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6b) Gecko/20040113 Thunderbird/0.4
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
CC: "Adrian 'Dagurashibanipal' von Bidder" <avbidder@fortytwo.ch>
Subject: Re: "Yes, I can handle PGP/MIME"
References: <20040415154656.GA9480@jabberwocky.com> <E23283E2-8F87-11D8-821A-000393D54CCC@cyphers.net> <200404161208.50370@fortytwo.ch>
In-Reply-To: <200404161208.50370@fortytwo.ch>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Adrian 'Dagurashibanipal' von Bidder wrote:

>  - some people are not able to or do not want to use PGP/MIME for 
> whatever reason
>  - PGP/MIME might be replaced by yet another standard in the future.


To add to that,

   - email itself is being overtaken by IM.

I read somewhere (can't recall where) that the IM
traffic already exceeds that of email.  Thinking
in terms of "OpenPGP is for email" is akin to saying
"dinosaurs rule the earth" ... it's only true for so
long.


> I think, since userid are quite tightly bound to email addresses, that a 
> way to tell the sender how the key owner expects to receive digitally 
> signed/encrypted email is something that would solve an actual problem.


Why can't you invent a convention that adjusts the
userid to include an OpenPGP/MIME hint?  It could be
some small char like *, or some longer string:

    Ian Grigg <iang@systemics.com>   *
    Iang <iang@iang.org>   MIME++"
    <i@iang.org>   I'm a lover of OpenPGP/MIME

This is what we did in our use of OpenPGP for a
different application:

    Ian Grigg [certification] (dss2) <issuer@iang.org>

The application goes searching for words in square
brackets.  If you wanted to use the same convention,
then, add in [MIME] to each userid.


iang



From owner-ietf-openpgp@mail.imc.org  Fri Apr 16 09:44:30 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA08713
	for <openpgp-archive@lists.ietf.org>; Fri, 16 Apr 2004 09:44:29 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3GDPUHF057157;
	Fri, 16 Apr 2004 06:25:30 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3GDPUgc057156;
	Fri, 16 Apr 2004 06:25:30 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from zbasel.fortytwo.ch (zbasel.fortytwo.ch [212.254.206.135])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3GDPTJl057142
	for <ietf-openpgp@imc.org>; Fri, 16 Apr 2004 06:25:30 -0700 (PDT)
	(envelope-from avbidder@fortytwo.ch)
Received: from pc-4514.ethz.ch (pc-4514.ethz.ch [129.132.57.72])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "pc-4514.ethz.ch", Issuer "fortytwo.ch CA certificate" (verified OK))
	by zbasel.fortytwo.ch (Postfix) with ESMTP id 75E1CC4
	for <ietf-openpgp@imc.org>; Fri, 16 Apr 2004 15:25:31 +0200 (CEST)
Received: by pc-4514.ethz.ch (Postfix, from userid 1000)
	id 1C0E925DA23; Fri, 16 Apr 2004 15:25:31 +0200 (CEST)
From: "Adrian 'Dagurashibanipal' von Bidder" <avbidder@fortytwo.ch>
To: ietf-openpgp@imc.org
Subject: Re: "Yes, I can handle PGP/MIME"
Date: Fri, 16 Apr 2004 15:25:29 +0200
User-Agent: KMail/1.6.1
References: <20040415154656.GA9480@jabberwocky.com> <200404161208.50370@fortytwo.ch> <407FD5CD.6010205@systemics.com>
In-Reply-To: <407FD5CD.6010205@systemics.com>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: Text/Plain;
  charset="iso-8859-1"
Message-Id: <200404161525.30889@fortytwo.ch>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id i3GDPUJl057151
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[no cc:s, please]

On Friday 16 April 2004 14.47, Ian Grigg wrote:

> Why can't you invent a convention that adjusts the
> userid to include an OpenPGP/MIME hint?

Ugh. And then I'm forced to change the userid when I change my mailer, 
and lose all signatures on the userid that I've collected so far? I 
think embedding this info in the selfsig is the way to go - I can 
replace that and if the software is clever enough to silently ignore 
all but the newest selfsig, all users won't even notice that the 
underlying technology doesn't allow you to change your key, but only to 
add to it. I still think that this is a perfect example where notations 
would be the solution.

cheers
- -- vbi

- -- 
featured product: Debian GNU/Linux - http://debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: get my key from http://fortytwo.ch/gpg/92082481

iKcEARECAGcFAkB/3slgGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h
aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjUmbWQ1c3VtPTVkZmY4NjhkMTE4NDMyNzYw
NzFiMjVlYjcwMDZkYTNlAAoJECqqZti935l6XbYAn2qgxzMUQWyucqEVOIFd0fk3
HZPkAKCYLTOXdYhogyQxsB0fuRO7zbI3Ww==
=m9m7
-----END PGP SIGNATURE-----



From owner-ietf-openpgp@mail.imc.org  Fri Apr 16 11:16:04 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA15282
	for <openpgp-archive@lists.ietf.org>; Fri, 16 Apr 2004 11:16:03 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3GEuu2M071685;
	Fri, 16 Apr 2004 07:56:56 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3GEuuVF071684;
	Fri, 16 Apr 2004 07:56:56 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from foobar.cs.jhu.edu (foobar.cs.jhu.edu [128.220.13.173])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3GEuusw071678
	for <ietf-openpgp@imc.org>; Fri, 16 Apr 2004 07:56:56 -0700 (PDT)
	(envelope-from dshaw@jabberwocky.com)
Received: from claude.jabberwocky.com (walrus.ne.client2.attbi.com [24.60.132.70])
	by foobar.cs.jhu.edu (8.11.6/8.11.6) with ESMTP id i3GEuwS30490
	for <ietf-openpgp@imc.org>; Fri, 16 Apr 2004 10:56:58 -0400
Received: (from dshaw@localhost)
	by claude.jabberwocky.com (8.11.6/8.11.6) id i3GEuqJ25172
	for ietf-openpgp@imc.org; Fri, 16 Apr 2004 10:56:52 -0400
Date: Fri, 16 Apr 2004 10:56:52 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: "Yes, I can handle PGP/MIME"
Message-ID: <20040416145652.GB24809@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <20040415154656.GA9480@jabberwocky.com> <200404160952.04791@fortytwo.ch>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200404160952.04791@fortytwo.ch>
X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
X-Request-PGP: http://www.jabberwocky.com/david/keys.asc
X-Phase-Of-Moon: The Moon is Waning Crescent (9% of Full)
User-Agent: Mutt/1.5.6i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Fri, Apr 16, 2004 at 09:52:03AM +0200, Adrian 'Dagurashibanipal' von Bidder wrote:
> 
> On Thursday 15 April 2004 17.46, David Shaw wrote:
> 
> > Given all that, would there be some benefit in a standard way for a
> > user to advertise that he can handle PGP/MIME?  Specifically, a
> > "features" subpacket bit to say "I can handle PGP/MIME".
> 
> Since this is completely unrelated to OpenPGP itself, isn't this a good 
> case for a notation packet on the selfsig? The big advantage is that 
> this could be specified in the proper document - the one specifying 
> PGP/MIME (well, when it is revised the next time), or in a document 
> updating rfc3156.
> 
> I feel it is bad design to bloat the OpenPGP spec with application 
> specific things like this (even when email is the dominant application 
> of OpenPGP at this time.)
> 
> Notation 'pgp-mime=accept' or 'rfc3156=accept' or 'email=rfc3156' or ... 
> (Hmmm. I like the latter - perhaps there will be other options on how 
> email should be formatted etc., and it would allow 'email=clearsigned' 
> if somebody wants to explicitly discourage PGP/MIME usage.)

I have no objections to this, though a more complex encoding of
PGP/MIME desires (aside from yes or no) may be overkill for the
problem at hand.

David



From owner-ietf-openpgp@mail.imc.org  Fri Apr 16 11:19:05 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA15494
	for <openpgp-archive@lists.ietf.org>; Fri, 16 Apr 2004 11:19:05 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3GEqWML071125;
	Fri, 16 Apr 2004 07:52:32 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3GEqWpe071123;
	Fri, 16 Apr 2004 07:52:32 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from foobar.cs.jhu.edu (foobar.cs.jhu.edu [128.220.13.173])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3GEqVUA071115
	for <ietf-openpgp@imc.org>; Fri, 16 Apr 2004 07:52:31 -0700 (PDT)
	(envelope-from dshaw@jabberwocky.com)
Received: from claude.jabberwocky.com (walrus.ne.client2.attbi.com [24.60.132.70])
	by foobar.cs.jhu.edu (8.11.6/8.11.6) with ESMTP id i3GEqXS30453
	for <ietf-openpgp@imc.org>; Fri, 16 Apr 2004 10:52:33 -0400
Received: (from dshaw@localhost)
	by claude.jabberwocky.com (8.11.6/8.11.6) id i3GEqSG25130
	for ietf-openpgp@imc.org; Fri, 16 Apr 2004 10:52:28 -0400
Date: Fri, 16 Apr 2004 10:52:28 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: "Yes, I can handle PGP/MIME"
Message-ID: <20040416145228.GA24809@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <20040415154656.GA9480@jabberwocky.com> <E23283E2-8F87-11D8-821A-000393D54CCC@cyphers.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <E23283E2-8F87-11D8-821A-000393D54CCC@cyphers.net>
X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
X-Request-PGP: http://www.jabberwocky.com/david/keys.asc
X-Phase-Of-Moon: The Moon is Waning Crescent (9% of Full)
User-Agent: Mutt/1.5.6i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


While I was aware of PGP's already deployed double meaning for the
"preferred keyserver" field (being both a preferred keyserver and "use
PGP/MIME" flag), I did not want my proposal to be interpreted as an
indictment of that method and so did not discuss it.  A desire to
avoid conflict with that already deployed method is why there is an
entire paragraph of bending backwards in my proposal to insist that
programs can use any heuristics they want to determine PGP/MIME usage.
PGP would be completely compliant even if it ignored the proposed flag
altogether.

Nevertheless, some comments:

On Fri, Apr 16, 2004 at 02:24:38AM -0700, Will Price wrote:

> Thus, we would have no use for such a flag (if you had posted your 
> message two years ago, that would be a different answer). I don't 
> anticipate any major email scenarios in the future which will not 
> support at least the decoding of PGP/MIME. PGP products either do now 
> or will use this flag in the way indicated above. Since most GPG front 
> ends already require PGP/MIME and often set this flag on keys, the 
> waters are already moving in the proper direction.

Unfortunately, this is not true.  No version of GnuPG sets the
"preferred keyserver" flag on keys.  It is a feature scheduled for
1.4, but only exists on my laptop at this moment.

> While this was a bit of a hack, the facts on keys in the field match 
> the usage of the attribute and all signs point to that continuing. I 
> believe over the next two years we will find that the remaining 
> deployed population unable to decode PGP/MIME will have dwindled to 
> insignificant levels.

I believed that as well, back in 1996.  I believed it again in 1998,
and so on. ;)  Here we are in 2004, and I still can't send PGP/MIME to
many correspondents.

As recently as two years ago, I sent PGP/MIME mail to Philip
Zimmermann.  He was unable to read it.

Note that I am not arguing against using PGP/MIME.  I use it whenever
I can, and I honestly believe it is the way to go.  Unfortunately, not
everyone is able to use it.  Since I do not foresee this situation
changing anytime soon - I've waited 8 years now - a features flag or
notation is a simple indicator of the mail preference of the
keyholder.

David



From owner-ietf-openpgp@mail.imc.org  Fri Apr 16 11:26:41 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA16033
	for <openpgp-archive@lists.ietf.org>; Fri, 16 Apr 2004 11:26:40 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3GFAjDP073778;
	Fri, 16 Apr 2004 08:10:45 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3GFAjAM073777;
	Fri, 16 Apr 2004 08:10:45 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from www.enhyper.com (mailgate.enhyper.com [62.49.250.18])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3GFAija073762
	for <ietf-openpgp@imc.org>; Fri, 16 Apr 2004 08:10:44 -0700 (PDT)
	(envelope-from iang@systemics.com)
Received: from systemics.com (localhost.localdomain [127.0.0.1])
	by www.enhyper.com (8.11.6/8.11.6) with ESMTP id i3GFAYm25577;
	Fri, 16 Apr 2004 16:10:40 +0100
Message-ID: <407FF745.9000302@systemics.com>
Date: Fri, 16 Apr 2004 11:09:57 -0400
From: Ian Grigg <iang@systemics.com>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6b) Gecko/20040113 Thunderbird/0.4
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
Subject: Re: "Yes, I can handle PGP/MIME"
References: <20040415154656.GA9480@jabberwocky.com> <200404161208.50370@fortytwo.ch> <407FD5CD.6010205@systemics.com> <200404161525.30889@fortytwo.ch>
In-Reply-To: <200404161525.30889@fortytwo.ch>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Adrian 'Dagurashibanipal' von Bidder wrote:

>>Why can't you invent a convention that adjusts the
>>userid to include an OpenPGP/MIME hint?
> 
> 
> Ugh. And then I'm forced to change the userid when I change my mailer, 
> and lose all signatures on the userid that I've collected so far? I 
> think embedding this info in the selfsig is the way to go - I can 
> replace that and if the software is clever enough to silently ignore 
> all but the newest selfsig, all users won't even notice that the 
> underlying technology doesn't allow you to change your key, but only to 
> add to it. I still think that this is a perfect example where notations 
> would be the solution.


Well, right.  All that above has to be balanced
against the fact that email is a user application,
and it's not good to pollute OpenPGP with special
hacks and bits.  (I'm not wedded to my above
suggestion, it's more in the vein of searching
for alternates.  And there seem to be plenty of
bits available for this sort of use...)

If the choice were between adding a bit as per the
original thread suggestion by David, and overloading
another bit already utilised, as a "version" indicator,
(the "preferred keyserver attribute" ?) then I'd
definitely plump for the former - define a special
bit:

   0x02 - Recipient is capable of handling OpenPGP/MIME (RFC-3156).

(etc.)  I think David's original post still rules.

As a standard, it's good to keep an eye on
compatibility amongst implementations, but
overloading should be discouraged.  There's
no reason why future implementations couldn't
adopt that bit, even if they used some
overloaded bit in the past/absence.

iang

PS:  at what point do we go for feature freeze?
How long does this process of minor additions
go on for?  Derik, what is the process to get
this thing signed off and passed into law?
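The two carriers argued over in this thread, a bit in the "features" subpacket (David's original proposal, with the 0x02 value Ian sketches above) and a human-readable notation such as 'email=rfc3156' (Adrian's proposal), are both just signature subpackets on the self-signature. The following is added example code, not anything from GnuPG, PGP Universal or any list member: it encodes and parses both carriers using the subpacket length, type-octet and notation-data layout of RFC 2440, and applies the RFC's rule that a critical subpacket the verifier does not understand invalidates the signature. The 0x02 features bit and the 'email' notation name are the thread's proposals, not standardised values; the set of "known" subpacket types is deliberately limited to the two this example handles.

```python
"""
Wire format of the two mail-preference carriers discussed in the thread,
encoded and parsed per the OpenPGP signature-subpacket rules (RFC 2440).
Added example code; not from GnuPG, PGP, or any list member.
"""
import struct

NOTATION_DATA = 20          # signature subpacket type: notation data
FEATURES = 30               # signature subpacket type: features
CRITICAL_BIT = 0x80         # high bit of the subpacket type octet
NOTATION_HUMAN_READABLE = 0x80000000   # notation flags: value is UTF-8 text
FEATURE_MDC = 0x01          # defined in the RFC: Modification Detection
FEATURE_PGP_MIME = 0x02     # HYPOTHETICAL: the bit proposed in the thread, not standardised


def encode_subpacket_length(n):
    """1-, 2- or 5-octet subpacket length (same scheme as new-format packet lengths)."""
    if n < 192:
        return bytes([n])
    if n < 16320:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)


def decode_subpacket_length(data, off):
    """Return (length, offset just past the length field)."""
    first = data[off]
    if first < 192:
        return first, off + 1
    if first < 255:
        return ((first - 192) << 8) + data[off + 1] + 192, off + 2
    return struct.unpack(">I", data[off + 1:off + 5])[0], off + 5


def encode_subpacket(sp_type, body, critical=False):
    """Length covers the type octet plus the body; the critical bit rides on the type octet."""
    type_octet = sp_type | (CRITICAL_BIT if critical else 0)
    return encode_subpacket_length(len(body) + 1) + bytes([type_octet]) + body


def encode_notation(name, value, human_readable=True):
    """Notation data: 4 flag octets, 2-octet name length, 2-octet value length, name, value."""
    name_b = name.encode("utf-8")
    value_b = value.encode("utf-8") if isinstance(value, str) else value
    flags = NOTATION_HUMAN_READABLE if human_readable else 0
    body = struct.pack(">IHH", flags, len(name_b), len(value_b)) + name_b + value_b
    return encode_subpacket(NOTATION_DATA, body)


def encode_features(flag_octet):
    """Features subpacket: a string of flag octets (one is enough here)."""
    return encode_subpacket(FEATURES, bytes([flag_octet]))


def parse_subpackets(data):
    """Split a subpacket area into (type, critical, body) triples, refusing truncated input."""
    out, off = [], 0
    while off < len(data):
        length, off = decode_subpacket_length(data, off)
        if length < 1 or off + length > len(data):
            raise ValueError("truncated subpacket")
        type_octet = data[off]
        out.append((type_octet & 0x7F, bool(type_octet & CRITICAL_BIT),
                    data[off + 1:off + length]))
        off += length
    return out


def parse_notation(body):
    """Return (name, value, human_readable); the value is text only when flagged as such."""
    if len(body) < 8:
        raise ValueError("notation body too short")
    flags, nlen, vlen = struct.unpack(">IHH", body[:8])
    if 8 + nlen + vlen != len(body):
        raise ValueError("notation length fields disagree with body")
    name = body[8:8 + nlen].decode("utf-8")
    raw = body[8 + nlen:8 + nlen + vlen]
    human = bool(flags & NOTATION_HUMAN_READABLE)
    return name, (raw.decode("utf-8") if human else raw), human


def mail_preference(subpackets):
    """Value of the human-readable 'email' notation (the thread's proposal), or None."""
    for sp_type, _critical, body in subpackets:
        if sp_type == NOTATION_DATA:
            name, value, human = parse_notation(body)
            if human and name == "email":
                return value
    return None


def feature_flags(subpackets):
    """First flag octet of the features subpacket, or 0 if there is none."""
    for sp_type, _critical, body in subpackets:
        if sp_type == FEATURES and body:
            return body[0]
    return 0


def has_unknown_critical(subpackets, known=(NOTATION_DATA, FEATURES)):
    """RFC 2440: a critical subpacket the verifier does not understand invalidates the signature."""
    return any(critical and sp_type not in known for sp_type, critical, _ in subpackets)


def is_well_formed(data):
    """True when the whole subpacket area parses without running off the end."""
    try:
        parse_subpackets(data)
        return True
    except ValueError:
        return False
```

The notation route needs no new code point in the OpenPGP spec at all: a verifier that does not know the 'email' name simply skips a non-critical notation, whereas a features bit must be allocated in the spec and understood by every implementation before it can be relied on, which is the trade-off the thread is weighing.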



From owner-ietf-openpgp@mail.imc.org  Fri Apr 16 12:03:53 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA18048
	for <openpgp-archive@lists.ietf.org>; Fri, 16 Apr 2004 12:03:52 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3GFljoq079210;
	Fri, 16 Apr 2004 08:47:45 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3GFljuW079209;
	Fri, 16 Apr 2004 08:47:45 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from thingol.ac.utimaco.de (Thingol.aachen.utimaco.de [194.245.91.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3GFliQo079192
	for <ietf-openpgp@imc.org>; Fri, 16 Apr 2004 08:47:44 -0700 (PDT)
	(envelope-from Holger.Sesterhenn@smgwtest.aachen.utimaco.de)
Received: (from mail@localhost)
	by thingol.ac.utimaco.de (8.12.10/8.12.10) id i3GFtMsx019368
	for <ietf-openpgp@imc.org>; Fri, 16 Apr 2004 17:55:22 +0200
Message-ID: <407FFFEA.7020301@smgwtest.aachen.utimaco.de>
Date: Fri, 16 Apr 2004 17:46:50 +0200
From: Holger Sesterhenn <Holger.Sesterhenn@smgwtest.aachen.utimaco.de>
Organization: Utimaco Safeware AG, NL Aachen
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030821
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
Subject: Re: "Yes, I can handle PGP/MIME" 
References: <20040415154656.GA9480@jabberwocky.com> <E23283E2-8F87-11D8-821A-000393D54CCC@cyphers.net> <20040416145228.GA24809@jabberwocky.com>
In-Reply-To: <20040416145228.GA24809@jabberwocky.com>
X-Enigmail-Version: 0.76.7.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Hi,

> Note that I am not arguing against using PGP/MIME.  I use it whenever
> I can, and I honestly believe it is the way to go.  Unfortunately, not
> everyone is able to use it.  Since I do not forsee this situation
> changing anytime soon - I've waited 8 years now - a features flag or
> notation is a simple indicator of the mail preference of the
> keyholder.

Well, as soon as someone contributes a PGP/MIME capable plugin for a
specific mail client from a very specific company I am willing to say
that PGP/MIME might have a chance of becoming a new standard (*).

In the meanwhile we should not use a rarely spread flag indicating the
use of keyservers to say "hey, I like PGP/MIME". I don't like hacks anymore.

Using a notation sounds ok for me.

Best Regards,

Holger Sesterhenn
---
Internet   http://www.utimaco.com

(*) Yes, Enigmail for Outlook or Outlook Express would be great!



From owner-ietf-openpgp@mail.imc.org  Mon Apr 19 04:18:29 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA24797
	for <openpgp-archive@lists.ietf.org>; Mon, 19 Apr 2004 04:18:28 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3J7vd4d022195;
	Mon, 19 Apr 2004 00:57:39 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3J7vdEU022191;
	Mon, 19 Apr 2004 00:57:39 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from zbasel.fortytwo.ch (zbasel.fortytwo.ch [212.254.206.135])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3J7vbLq022061
	for <ietf-openpgp@imc.org>; Mon, 19 Apr 2004 00:57:38 -0700 (PDT)
	(envelope-from avbidder@fortytwo.ch)
Received: from pc-4514.ethz.ch (pc-4514.ethz.ch [129.132.57.72])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "pc-4514.ethz.ch", Issuer "fortytwo.ch CA certificate" (verified OK))
	by zbasel.fortytwo.ch (Postfix) with ESMTP id 2558145D
	for <ietf-openpgp@imc.org>; Mon, 19 Apr 2004 09:57:20 +0200 (CEST)
Received: by pc-4514.ethz.ch (Postfix, from userid 1000)
	id 8A29A25DA23; Mon, 19 Apr 2004 09:57:19 +0200 (CEST)
From: "Adrian 'Dagurashibanipal' von Bidder" <avbidder@fortytwo.ch>
To: ietf-openpgp@imc.org
Subject: Re: "Yes, I can handle PGP/MIME"
Date: Mon, 19 Apr 2004 09:57:19 +0200
User-Agent: KMail/1.6.1
References: <20040415154656.GA9480@jabberwocky.com> <200404161525.30889@fortytwo.ch> <407FF745.9000302@systemics.com>
In-Reply-To: <407FF745.9000302@systemics.com>
MIME-Version: 1.0
Content-Type: multipart/signed;
  protocol="application/pgp-signature";
  micalg=pgp-sha1;
  boundary="Boundary-02=_fZ4gAZtljhBcduX";
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <200404190957.19325@fortytwo.ch>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>



--Boundary-02=_fZ4gAZtljhBcduX
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Friday 16 April 2004 17.09, you wrote:
> Adrian 'Dagurashibanipal' von Bidder wrote:
> >>Why can't you invent a convention that adjusts the
> >>userid to include an OpenPGP/MIME hint?
> >
> > Ugh. And then I'm forced to change the userid when I change my
> > mailer, and lose all signatures on the userid that I've collected
> > so far? I think embedding this info in the selfsig is the way to
> > go[...]

> Well, right.  All that above has to be balanced
> against the fact that email is a user application,
> and it's not good to pollute OpenPGP with special
> hacks and bits.

Yep, fully agree. Perhaps you've not read my first mail in this thread: 
I feel this bit to be unnecessary, IMHO notation data was invented 
exactly for cases like this.

cheers
-- vbi

-- 
P'tang!

--Boundary-02=_fZ4gAZtljhBcduX
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iKcEABECAGcFAkCDhl9gGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h
aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjUmbWQ1c3VtPTVkZmY4NjhkMTE4NDMyNzYw
NzFiMjVlYjcwMDZkYTNlAAoJECqqZti935l6cucAoKF1TDvbd79tKeo8FuxCzPzQ
+eV/AKCPba8xGrKNP4ElUMjKhKAZDg/qTQ==
=lWkb
-----END PGP SIGNATURE-----

--Boundary-02=_fZ4gAZtljhBcduX--



From owner-ietf-openpgp@mail.imc.org  Mon Apr 19 05:07:32 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA24803
	for <openpgp-archive@lists.ietf.org>; Mon, 19 Apr 2004 04:18:29 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3J81imP023790;
	Mon, 19 Apr 2004 01:01:44 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3J81i22023789;
	Mon, 19 Apr 2004 01:01:44 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from zbasel.fortytwo.ch (zbasel.fortytwo.ch [212.254.206.135])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3J81h0D023778
	for <ietf-openpgp@imc.org>; Mon, 19 Apr 2004 01:01:44 -0700 (PDT)
	(envelope-from avbidder@fortytwo.ch)
Received: from pc-4514.ethz.ch (pc-4514.ethz.ch [129.132.57.72])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "pc-4514.ethz.ch", Issuer "fortytwo.ch CA certificate" (verified OK))
	by zbasel.fortytwo.ch (Postfix) with ESMTP id 7168266
	for <ietf-openpgp@imc.org>; Mon, 19 Apr 2004 10:01:43 +0200 (CEST)
Received: by pc-4514.ethz.ch (Postfix, from userid 1000)
	id 0E22425DA23; Mon, 19 Apr 2004 10:01:43 +0200 (CEST)
From: "Adrian 'Dagurashibanipal' von Bidder" <avbidder@fortytwo.ch>
To: ietf-openpgp@imc.org
Subject: Re: "Yes, I can handle PGP/MIME"
Date: Mon, 19 Apr 2004 10:01:42 +0200
User-Agent: KMail/1.6.1
References: <20040415154656.GA9480@jabberwocky.com> <20040416145228.GA24809@jabberwocky.com> <407FFFEA.7020301@smgwtest.aachen.utimaco.de>
In-Reply-To: <407FFFEA.7020301@smgwtest.aachen.utimaco.de>
MIME-Version: 1.0
Content-Type: multipart/signed;
  protocol="application/pgp-signature";
  micalg=pgp-sha1;
  boundary="Boundary-02=_md4gAyUtQZ+KDKp";
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <200404191001.42831@fortytwo.ch>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>



--Boundary-02=_md4gAyUtQZ+KDKp
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Friday 16 April 2004 17.46, Holger Sesterhenn wrote:

> Well, as soon as someone contributes a PGP/MIME capable plugin for a
> specific mail client from a very specific company I am willing to say
> that PGP/MIME might have a chance becoming a new standard (*).

Won't solve the problem for those who like to sign their mail per 
default - the problem is not people who are aware of OpenPGP (those 
usually know the PGP/MIME problem when they use MSOE, which in my 
experience is quite rare anyway.) The problem is people who do not know 
anything and do not care about OpenPGP (or any other form of email 
protection.) They won't be ready (or able) to install something on 
their machine to be able to read my mail.

cheers
-- vbi


-- 
Conquest is easy. Control is not.
		-- Kirk, "Mirror, Mirror", stardate unknown

--Boundary-02=_md4gAyUtQZ+KDKp
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iKcEABECAGcFAkCDh2ZgGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h
aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjUmbWQ1c3VtPTVkZmY4NjhkMTE4NDMyNzYw
NzFiMjVlYjcwMDZkYTNlAAoJECqqZti935l6H/gAoL2RCb8F3w2TOBG/6GqXZWPS
ATi0AJ0ReuWRxtRA/xbxo3VtfqePbQxGGA==
=uq40
-----END PGP SIGNATURE-----

--Boundary-02=_md4gAyUtQZ+KDKp--



From owner-ietf-openpgp@mail.imc.org  Mon Apr 19 17:41:39 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA12363
	for <openpgp-archive@lists.ietf.org>; Mon, 19 Apr 2004 17:41:38 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3JLKuUd020603;
	Mon, 19 Apr 2004 14:20:56 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3JLKuEv020602;
	Mon, 19 Apr 2004 14:20:56 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3JLKttK020591
	for <ietf-openpgp@imc.org>; Mon, 19 Apr 2004 14:20:55 -0700 (PDT)
	(envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with
 ESMTP (Eudora Internet Mail Server X 3.2.4) for <ietf-openpgp@imc.org>;
 Mon, 19 Apr 2004 14:20:56 -0700
Received: from [63.73.97.180] ([63.73.97.180])
  by keys.merrymeet.com (PGP Universal service);
  Mon, 19 Apr 2004 14:20:56 -0700
Mime-Version: 1.0 (Apple Message framework v613)
In-Reply-To: <200404190957.19325@fortytwo.ch>
References: <20040415154656.GA9480@jabberwocky.com> <200404161525.30889@fortytwo.ch> <407FF745.9000302@systemics.com> <200404190957.19325@fortytwo.ch>
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <73802EB0-9247-11D8-AA50-000A9568596C@callas.org>
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: "Yes, I can handle PGP/MIME"
Date: Mon, 19 Apr 2004 14:20:58 -0700
To: OpenPGP <ietf-openpgp@imc.org>
X-Mailer: Apple Mail (2.613)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


I'm considering this to be so controversial that there is no consensus 
for it, and what bits of consensus there are lean away from it.

	Jon



From owner-ietf-openpgp@mail.imc.org  Mon Apr 19 21:07:47 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA25636
	for <openpgp-archive@lists.ietf.org>; Mon, 19 Apr 2004 21:07:46 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3K0nZK0035531;
	Mon, 19 Apr 2004 17:49:35 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3K0nZLK035530;
	Mon, 19 Apr 2004 17:49:35 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from foobar.cs.jhu.edu (foobar.cs.jhu.edu [128.220.13.173])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3K0nTZN035523
	for <ietf-openpgp@imc.org>; Mon, 19 Apr 2004 17:49:33 -0700 (PDT)
	(envelope-from dshaw@jabberwocky.com)
Received: from walrus.ne.client2.attbi.com (walrus.ne.client2.attbi.com [24.60.132.70])
	by foobar.cs.jhu.edu (8.11.6/8.11.6) with ESMTP id i3K0nQu16897
	for <ietf-openpgp@imc.org>; Mon, 19 Apr 2004 20:49:31 -0400
Received: from claude.jabberwocky.com ([172.24.84.27])
	by walrus.ne.client2.attbi.com (8.12.8/8.12.8) with ESMTP id i3K0nLuG018264
	for <ietf-openpgp@imc.org>; Mon, 19 Apr 2004 20:49:21 -0400
Received: (from dshaw@localhost)
	by claude.jabberwocky.com (8.11.6/8.11.6) id i3K0nLQ12319
	for ietf-openpgp@imc.org; Mon, 19 Apr 2004 20:49:21 -0400
Date: Mon, 19 Apr 2004 20:49:20 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Whither the 0x40 timestamp signature?
Message-ID: <20040420004920.GH29690@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
X-Request-PGP: http://www.jabberwocky.com/david/keys.asc
X-Phase-Of-Moon: The Moon is Waning Crescent (1% of Full)
User-Agent: Mutt/1.5.6i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


When we defined the 0x50 notary signature, the old 0x40 from 1991 was
the inspiration for it.  0x40 was defined in 1991 as more or less what
the 0x50 sig is defined for today.  Now we have both the 0x40 and
0x50, and the 0x40 seems rather underdefined to me.

For starters, there are no hashing rules specified for it, so how do
you make one?  Since both the 0x40 and 0x50 get a target subpacket,
one could infer that they are similar, but there is nothing concrete.

I'm not necessarily requesting that 0x40 be fleshed out and clarified:
I'd be just as content to see it dropped.  If, as I assume, the 0x40
is just the same as the 0x50 with a different (human) interpretation,
then perhaps we should just drop it.  If people want to assign human
interpretations to their signatures, let them use notations.

David



From owner-ietf-openpgp@mail.imc.org  Tue Apr 20 00:40:21 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA06589
	for <openpgp-archive@lists.ietf.org>; Tue, 20 Apr 2004 00:40:20 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3K4JY6L050191;
	Mon, 19 Apr 2004 21:19:34 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3K4JYcA050189;
	Mon, 19 Apr 2004 21:19:34 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3K4JXjg050171
	for <ietf-openpgp@imc.org>; Mon, 19 Apr 2004 21:19:33 -0700 (PDT)
	(envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with
 ESMTP (Eudora Internet Mail Server X 3.2.4) for <ietf-openpgp@imc.org>;
 Mon, 19 Apr 2004 21:19:39 -0700
Received: from [63.73.97.180] ([63.73.97.180])
  by keys.merrymeet.com (PGP Universal service);
  Mon, 19 Apr 2004 21:19:37 -0700
In-Reply-To: <20040420004920.GH29690@jabberwocky.com>
References: <20040420004920.GH29690@jabberwocky.com>
Mime-Version: 1.0 (Apple Message framework v613)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <E40407A0-9281-11D8-AA50-000A9568596C@callas.org>
Content-Transfer-Encoding: 7bit
Cc: ietf-openpgp@imc.org
From: Jon Callas <jon@callas.org>
Subject: Re: Whither the 0x40 timestamp signature?
Date: Mon, 19 Apr 2004 21:19:18 -0700
To: David Shaw <dshaw@jabberwocky.com>
X-Mailer: Apple Mail (2.613)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


> I'm not necessarily requesting that 0x40 be fleshed out and clarified:
> I'd be just as content to see it dropped.  If, as I assume, the 0x40
> is just the same as the 0x50 with a different (human) interpretation,
> then perhaps we should just drop it.  If people want to assign human
> interpretations to their signatures, let them use notations.
>

As I remember, it stays there for the same reason that some other 
seldom-to-never-used
signature types are there: for backwards compatibility with their never 
being used. They are there for the same reason there is old stuff in my 
garage -- we hope to use it someday.

I'm not sure spring cleaning is warranted, but it's easy enough, if 
people think so.

	Jon



From owner-ietf-openpgp@mail.imc.org  Tue Apr 20 08:16:28 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA12729
	for <openpgp-archive@lists.ietf.org>; Tue, 20 Apr 2004 08:16:28 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3KBthgs065887;
	Tue, 20 Apr 2004 04:55:43 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3KBthPP065886;
	Tue, 20 Apr 2004 04:55:43 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from www.enhyper.com (mailgate.enhyper.com [62.49.250.18])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3KBteDH065879
	for <ietf-openpgp@imc.org>; Tue, 20 Apr 2004 04:55:42 -0700 (PDT)
	(envelope-from iang@systemics.com)
Received: from systemics.com (localhost.localdomain [127.0.0.1])
	by www.enhyper.com (8.11.6/8.11.6) with ESMTP id i3KBt7m24907;
	Tue, 20 Apr 2004 12:55:13 +0100
Message-ID: <40850F74.1060700@systemics.com>
Date: Tue, 20 Apr 2004 07:54:28 -0400
From: Ian Grigg <iang@systemics.com>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6b) Gecko/20040113 Thunderbird/0.4
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
CC: Jon Callas <jon@callas.org>, David Shaw <dshaw@jabberwocky.com>
Subject: Re: Whither the 0x40 timestamp signature?
References: <20040420004920.GH29690@jabberwocky.com> <E40407A0-9281-11D8-AA50-000A9568596C@callas.org>
In-Reply-To: <E40407A0-9281-11D8-AA50-000A9568596C@callas.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Jon Callas wrote:
> 
>> I'm not necessarily requesting that 0x40 be fleshed out and clarified:
>> I'd be just as content to see it dropped.  If, as I assume, the 0x40
>> is just the same as the 0x50 with a different (human) interpretation,
>> then perhaps we should just drop it.  If people want to assign human
>> interpretations to their signatures, let them use notations.
>>
> 
> As I remember, it stays there for the same reason that some other 
> seldom-to-never-used
> signature types are there: for backwards compatibility with their never 
> being used. They are there for the same reason there is old stuff in my 
> garage -- we hope to use it someday.
> 
> I'm not sure spring cleaning is warranted, but it's easy enough, if 
> people think so.


If it can be marked with a SHOULD NOT use / deprecated
then that would be good.  More spring cleaning is better.
OpenPGP's incessant algorithmic messiness slows its migration.

(a general comment, not specific.  for clarification I
have no clue as to the particular number.)

iang



From owner-ietf-openpgp@mail.imc.org  Tue Apr 20 11:31:48 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA25985
	for <openpgp-archive@lists.ietf.org>; Tue, 20 Apr 2004 11:31:47 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3KFC6tW090336;
	Tue, 20 Apr 2004 08:12:06 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3KFC6VK090335;
	Tue, 20 Apr 2004 08:12:06 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from foobar.cs.jhu.edu (foobar.cs.jhu.edu [128.220.13.173])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3KFC4VB090329
	for <ietf-openpgp@imc.org>; Tue, 20 Apr 2004 08:12:04 -0700 (PDT)
	(envelope-from dshaw@jabberwocky.com)
Received: from walrus.ne.client2.attbi.com (walrus.ne.client2.attbi.com [24.60.132.70])
	by foobar.cs.jhu.edu (8.11.6/8.11.6) with ESMTP id i3KFAYu06596;
	Tue, 20 Apr 2004 11:10:34 -0400
Received: from claude.jabberwocky.com ([172.24.84.27])
	by walrus.ne.client2.attbi.com (8.12.8/8.12.8) with ESMTP id i3KFATuG000313;
	Tue, 20 Apr 2004 11:10:29 -0400
Received: (from dshaw@localhost)
	by claude.jabberwocky.com (8.11.6/8.11.6) id i3KFASn27978;
	Tue, 20 Apr 2004 11:10:28 -0400
Date: Tue, 20 Apr 2004 11:10:28 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: Jon Callas <jon@callas.org>
Cc: ietf-openpgp@imc.org
Subject: Re: Whither the 0x40 timestamp signature?
Message-ID: <20040420151028.GA27514@jabberwocky.com>
Mail-Followup-To: Jon Callas <jon@callas.org>, ietf-openpgp@imc.org
References: <20040420004920.GH29690@jabberwocky.com> <E40407A0-9281-11D8-AA50-000A9568596C@callas.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <E40407A0-9281-11D8-AA50-000A9568596C@callas.org>
X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
X-Request-PGP: http://www.jabberwocky.com/david/keys.asc
X-Phase-Of-Moon: The Moon is New
User-Agent: Mutt/1.5.6i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Mon, Apr 19, 2004 at 09:19:18PM -0700, Jon Callas wrote:
> >I'm not necessarily requesting that 0x40 be fleshed out and clarified:
> >I'd be just as content to see it dropped.  If, as I assume, the 0x40
> >is just the same as the 0x50 with a different (human) interpretation,
> >then perhaps we should just drop it.  If people want to assign human
> >interpretations to their signatures, let them use notations.
> >
> 
> As I remember, it stays there for the same reason that some other 
> seldom-to-never-used
> signature types are there: for backwards compatibility with their never 
> being used. They are there for the same reason there is old stuff in my 
> garage -- we hope to use it someday.
> 
> I'm not sure spring cleaning is warranted, but it's easy enough, if 
> people think so.

I'm not sure about spring cleaning, either.  Underspecified parts of
the standard trouble me, however.  They can't be implemented, and they
aren't marked "for future use" either.

The 0x40 signature was mentioned in 1991 as a signature over a
signature, but no information was given on how to actually make one.
2440 redefined the 0x40 as a "timestamp signature", but still no
information was given on how to make one, and it was no longer stated
to be a signature over a signature.

The 2440bis drafts add a little hint in that 0x40 gets a signature
target, which only makes sense if 0x40 has a signature as at least
part of its input.

I'll defer to the feeling of the WG on whether to drop or not.
However, if we are going to keep 0x40 in the standard, we should at least
say how to make one or explicitly mark it for future use.

If the intent is that 0x40 is in fact a signature over a signature
(and nothing else), then a simple fix is to change section 5.2.1,
which currently says:

    0x40: Timestamp signature.
        This signature is only meaningful for the timestamp contained
	in it.

Change to read:

    0x40: Timestamp signature.
        This signature is a signature over some other OpenPGP
	signature packet(s).  It is only meaningful for the timestamp
	contained in it.

I'm not advocating that outcome.  I'm equally content to see it
defined, marked for future use, or dropped.

David



From owner-ietf-openpgp@mail.imc.org  Tue Apr 20 12:17:42 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA25986
	for <openpgp-archive@lists.ietf.org>; Tue, 20 Apr 2004 11:31:47 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3KFD0lu090578;
	Tue, 20 Apr 2004 08:13:00 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3KFD03M090577;
	Tue, 20 Apr 2004 08:13:00 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from foobar.cs.jhu.edu (foobar.cs.jhu.edu [128.220.13.173])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3KFCxbN090570
	for <ietf-openpgp@imc.org>; Tue, 20 Apr 2004 08:13:00 -0700 (PDT)
	(envelope-from dshaw@jabberwocky.com)
Received: from walrus.ne.client2.attbi.com (walrus.ne.client2.attbi.com [24.60.132.70])
	by foobar.cs.jhu.edu (8.11.6/8.11.6) with ESMTP id i3KFD1u06793
	for <ietf-openpgp@imc.org>; Tue, 20 Apr 2004 11:13:02 -0400
Received: from claude.jabberwocky.com ([172.24.84.27])
	by walrus.ne.client2.attbi.com (8.12.8/8.12.8) with ESMTP id i3KFCuuG000358
	for <ietf-openpgp@imc.org>; Tue, 20 Apr 2004 11:12:57 -0400
Received: (from dshaw@localhost)
	by claude.jabberwocky.com (8.11.6/8.11.6) id i3KFCuq28000
	for ietf-openpgp@imc.org; Tue, 20 Apr 2004 11:12:56 -0400
Date: Tue, 20 Apr 2004 11:12:56 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: "Yes, I can handle PGP/MIME"
Message-ID: <20040420151256.GB27514@jabberwocky.com>
Mail-Followup-To: OpenPGP <ietf-openpgp@imc.org>
References: <20040415154656.GA9480@jabberwocky.com> <200404161525.30889@fortytwo.ch> <407FF745.9000302@systemics.com> <200404190957.19325@fortytwo.ch> <73802EB0-9247-11D8-AA50-000A9568596C@callas.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <73802EB0-9247-11D8-AA50-000A9568596C@callas.org>
X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
X-Request-PGP: http://www.jabberwocky.com/david/keys.asc
X-Phase-Of-Moon: The Moon is Waxing Crescent (1% of Full)
User-Agent: Mutt/1.5.6i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Mon, Apr 19, 2004 at 02:20:58PM -0700, Jon Callas wrote:
> 
> I'm considering this to be so controversial that there is no consensus 
> for it, and what bits of consensus there are lean away from it.

I think there is consensus that such a flag should not be set in the
"features" subpacket.  There seemed to be at least some consensus that
such a flag would be better placed in a "notation" subpacket.

I'll leave it to the folks advocating a notation solution to propose
something for that ;)

David



From owner-ietf-openpgp@mail.imc.org  Wed Apr 21 16:27:33 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA12417
	for <openpgp-archive@lists.ietf.org>; Wed, 21 Apr 2004 16:27:33 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3LK7EXW005779;
	Wed, 21 Apr 2004 13:07:14 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3LK7EbW005778;
	Wed, 21 Apr 2004 13:07:14 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3LK7DJ0005758
	for <ietf-openpgp@imc.org>; Wed, 21 Apr 2004 13:07:13 -0700 (PDT)
	(envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with
 ESMTP (Eudora Internet Mail Server X 3.2.4) for <ietf-openpgp@imc.org>;
 Wed, 21 Apr 2004 13:07:14 -0700
Received: from [10.0.1.5] ([66.91.134.147])
  by keys.merrymeet.com (PGP Universal service);
  Wed, 21 Apr 2004 13:07:14 -0700
Mime-Version: 1.0 (Apple Message framework v613)
In-Reply-To: <20040420151028.GA27514@jabberwocky.com>
References: <20040420004920.GH29690@jabberwocky.com> <E40407A0-9281-11D8-AA50-000A9568596C@callas.org> <20040420151028.GA27514@jabberwocky.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <7BD31B2B-93CF-11D8-AC79-000A9568596C@callas.org>
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: Whither the 0x40 timestamp signature?
Date: Wed, 21 Apr 2004 13:07:15 -0700
To: OpenPGP <ietf-openpgp@imc.org>
X-Mailer: Apple Mail (2.613)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


It's really easy to remove this. Ian has a good reason to remove it. 
I'll take Ian and David proposing removing it, as 0x50 has more 
function and is better defined. Does anyone object strongly? Anyone, 
anyone?

	Jon



From owner-ietf-openpgp@mail.imc.org  Wed Apr 21 22:50:15 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA11875
	for <openpgp-archive@lists.ietf.org>; Wed, 21 Apr 2004 22:50:15 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3M2VvdB037993;
	Wed, 21 Apr 2004 19:31:57 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3M2Vvak037992;
	Wed, 21 Apr 2004 19:31:57 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from thetis.deor.org (thetis.deor.org [207.106.86.210])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3M2VulL037985
	for <ietf-openpgp@imc.org>; Wed, 21 Apr 2004 19:31:56 -0700 (PDT)
	(envelope-from rabbi@abditum.com)
Received: by thetis.deor.org (Postfix, from userid 500)
	id 05E4F45067; Wed, 21 Apr 2004 19:32:00 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by thetis.deor.org (Postfix) with ESMTP
	id E9EC64802B; Wed, 21 Apr 2004 19:32:00 -0700 (PDT)
Date: Wed, 21 Apr 2004 19:32:00 -0700 (PDT)
From: Len Sassaman <rabbi@abditum.com>
X-X-Sender: rabbi@thetis.deor.org
To: Jon Callas <jon@callas.org>
Cc: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: "Yes, I can handle PGP/MIME"
In-Reply-To: <73802EB0-9247-11D8-AA50-000A9568596C@callas.org>
Message-ID: <Pine.LNX.4.58.0404211928030.14715@thetis.deor.org>
References: <20040415154656.GA9480@jabberwocky.com> <200404161525.30889@fortytwo.ch>
 <407FF745.9000302@systemics.com> <200404190957.19325@fortytwo.ch>
 <73802EB0-9247-11D8-AA50-000A9568596C@callas.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Mon, 19 Apr 2004, Jon Callas wrote:

>
> I'm considering this to be so controversial that there is no consensus
> for it, and what bits of consensus there are lean away from it.

My reading of the thread is that there is consensus that overloading the
preferred key server packet is the incorrect way to denote PGP/MIME
capabilities.

There also appears to be consensus that we do need some way of indicating
PGP/MIME capability.

I advocate the use of the notation data packet for this purpose, but I
would be perfectly happy if David's suggestions were implemented instead,
and a new subpacket created to handle the issue.

Either approach is valid, and I don't think anyone would criticize you for
picking either.

I do think this issue needs to be addressed decisively in the document,
though, and I encourage you to pick one of the two options above.


--Len.



From owner-ietf-openpgp@mail.imc.org  Thu Apr 22 04:40:29 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA11990
	for <openpgp-archive@lists.ietf.org>; Thu, 22 Apr 2004 04:40:29 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3M8NQlj028429;
	Thu, 22 Apr 2004 01:23:26 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3M8NQBV028428;
	Thu, 22 Apr 2004 01:23:26 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from branwen.iks-jena.de (root@branwen.iks-jena.de [217.17.192.90])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3M8NO9x028386
	for <ietf-openpgp@imc.org>; Thu, 22 Apr 2004 01:23:25 -0700 (PDT)
	(envelope-from news@branwen.iks-jena.de)
Received: from branwen.iks-jena.de (localhost [127.0.0.1])
	by branwen.iks-jena.de (8.12.11/8.12.9) with ESMTP id i3M8NJRW017710
	for <ietf-openpgp@imc.org>; Thu, 22 Apr 2004 10:23:19 +0200
Received: (from news@localhost)
	by branwen.iks-jena.de (8.12.11/8.12.1/Submit) id i3M8NJAJ017709
	for ietf-openpgp@imc.org; Thu, 22 Apr 2004 10:23:19 +0200
To: ietf-openpgp@imc.org
Path: not-for-mail
From: Lutz Donnerhacke <lutz@iks-jena.de>
Newsgroups:  iks.lists.ietf-open-pgp
Subject:  Re: Whither the 0x40 timestamp signature?
Date: Thu, 22 Apr 2004 08:23:19 +0000 (UTC)
Organization:  IKS GmbH Jena
Lines: 50
Message-ID:  <slrnc8f07n.ot.lutz@taranis.iks-jena.de>
References:  <20040420151028.GA27514@jabberwocky.com>
NNTP-Posting-Host: taranis.iks-jena.de
X-Trace: branwen.iks-jena.de 1082622199 16832 217.17.192.37 (22 Apr 2004 08:23:19 GMT)
X-Complaints-To: usenet@iks-jena.de
NNTP-Posting-Date: Thu, 22 Apr 2004 08:23:19 +0000 (UTC)
User-Agent: slrn/0.9.8.0 (Linux)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


* David Shaw wrote:
> If the intent is that 0x40 is in fact a signature over a signature
> (and nothing else), then a simple fix is to change section 5.2.1,
> which currently says:
>
>     0x40: Timestamp signature.
>         This signature is only meaningful for the timestamp contained
> 	in it.
>
> Change to read:
>
>     0x40: Timestamp signature.
>         This signature is a signature over some other OpenPGP
> 	signature packet(s).  It is only meaningful for the timestamp
> 	contained in it.
>
> I'm not advocating that outcome.  I'm equally content to see it
> defined, marked for future use, or dropped.

I do have an application for this type of signature without providing the
full meaning of notary (0x50) signatures.

There is a full blown environment which requires timestamping at the user's end
without involving a real notary timestamping service. The German signature
law contains a protocol error in proving signatures of withdrawn keys. The
only sound solution requires an additional timestamp of every signature. The
law assumes that the sender is responsible for providing the timestamp.

A simple (non notary) timestamp to be included consists of two values:
  - name of the timestamping service
  - value of the timestamp

Those values can be included in three ways:
  a) Defining (one or two) notation data packets to optionally include such
     a timestamp in every signature packet.
  b) Defining a 0x40 signature as hashing the referred signature, and both
     fields.
  c) Defining a 0x40 signature as hashing the referred signature and include
     the notation data packets from variant a.

Variant a seems the most interesting one. Variant c extends this variant to
the possibility of timestamping a signature later (by another person).

So I'd vote for defining a signature subpacket or two notation data
subpackets for providing (non-notary) timestamping purposes, and defining
the 0x40 signature type as a hash over the whole signature subpacket
(followed by the normal signature process). It is recommended to include the
timestamp subpackets in every 0x40 signature.

Should I provide a detailed description, or should we remove the whole part?



From owner-ietf-openpgp@mail.imc.org  Thu Apr 22 08:10:18 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA20799
	for <openpgp-archive@lists.ietf.org>; Thu, 22 Apr 2004 08:10:17 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3MBZ1qb062533;
	Thu, 22 Apr 2004 04:35:01 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3MBZ1pv062532;
	Thu, 22 Apr 2004 04:35:01 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from zbasel.fortytwo.ch (zbasel.fortytwo.ch [212.254.206.135])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3MBZ0LY062521
	for <ietf-openpgp@imc.org>; Thu, 22 Apr 2004 04:35:00 -0700 (PDT)
	(envelope-from avbidder@fortytwo.ch)
Received: from pc-4514.ethz.ch (pc-4514.ethz.ch [129.132.57.72])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "pc-4514.ethz.ch", Issuer "fortytwo.ch CA certificate" (verified OK))
	by zbasel.fortytwo.ch (Postfix) with ESMTP id B354026D
	for <ietf-openpgp@imc.org>; Thu, 22 Apr 2004 13:34:53 +0200 (CEST)
Received: by pc-4514.ethz.ch (Postfix, from userid 1000)
	id E907225DA05; Thu, 22 Apr 2004 13:34:52 +0200 (CEST)
From: "Adrian 'Dagurashibanipal' von Bidder" <avbidder@fortytwo.ch>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: "Yes, I can handle PGP/MIME"
Date: Thu, 22 Apr 2004 13:34:46 +0200
User-Agent: KMail/1.6.2
References: <20040415154656.GA9480@jabberwocky.com> <73802EB0-9247-11D8-AA50-000A9568596C@callas.org> <20040420151256.GB27514@jabberwocky.com>
In-Reply-To: <20040420151256.GB27514@jabberwocky.com>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: Text/Plain;
  charset="iso-8859-1"
Message-Id: <200404221334.52007@fortytwo.ch>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id i3MBZ1LY062527
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 8bit


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 20 April 2004 17.12, David Shaw wrote:
> I'll leave it to the folks advocating a notation solution to propose
> something for that ;)

My proposal would be to use the reserved '@'-less notation namespace, 
and establish a pseudo-hierarchy just for the case notations for other 
areas of application should ever be needed. The name of the notation 
would be 'email.mimeencoding', the value either 'rfc3156' or 
'clearsigned'. (I considered specifying rfc2440 instead, but I fear 
that's not clear enough as rfc3156-formatted email will still use 
rfc2440 technology...)

Also, the specification should IMHO state that the default for v4 keys 
without this notation should be to use what the user specifies 
explicitely, or make a guess based on other data (mail headers of the 
mail I'm replying to, features of the key of the recipient, whatever 
the MUA developers can think of), or use PGP/MIME in the absence of any 
such information.

This would have to go into an RFC (of its own - as stated, I don't think 
it should go into 2440++ since it is entirely application related), I 
guess, if this should become a standard.  I question, however, if there 
is any chance that this is ever going to get implemented - I guess the 
gnupg side would be easy enough (set it on key generation or selfsig 
generation), but I don't know about the MUA side (and I certainly won't 
spend any efforts there, even though I'd welcome the feature.)

One big drawback: all this is only useful when a key of the recipient is 
available. The situation I'm having a problem with is where the 
recipient does *not* have a public key at all, so all this won't solve 
that :-(

But the happy conclusion: this certainly should not affect further work 
on rfc2440++

greetings
- -- vbi

- -- 
The content of this message may or may not reflect the opinion of me, my
employer, my girlfriend, my cat or anybody else, regardless of the fact
whether such an employer, girlfriend, cat, or anybody else exists.  I
(or my employer, girlfriend, cat or whoever) disclaim any legal
obligations resulting from the above message.  You, as the reader of
this message, may or may not have the permission to redistribute this
message as a whole or in parts, verbatim or in modified form, or to
distribute any message at all.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: get my key from http://fortytwo.ch/gpg/92082481

iKcEARECAGcFAkCHrdtgGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h
aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjUmbWQ1c3VtPTVkZmY4NjhkMTE4NDMyNzYw
NzFiMjVlYjcwMDZkYTNlAAoJECqqZti935l6z2cAn1tTsN3BqJXoF+A1TQxwsCMA
9Kw1AKCBTXmx2gC+UNOVjTav3tbbm5rFiw==
=1feP
-----END PGP SIGNATURE-----
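The two proposals above, Lutz's timestamp-carrying 0x40 signature and Adrian's
'email.mimeencoding' notation, both come down to what goes into the hashed
subpacket area of a v4 signature. The following Python is an added example,
not code from this thread or from any OpenPGP implementation: it encodes and
parses signature subpackets in the RFC 2440 wire format (length octets, type
octet with critical bit, notation data as flags/name-length/value-length/name/
value) plus the signature target subpacket from the 2440bis drafts, and applies
the rule that an unknown critical subpacket invalidates the signature. The
notation name 'email.mimeencoding' and its value 'rfc3156' are from Adrian's
message; the names 'timestamp.service' and 'timestamp.value', the choice of
DSA/SHA-1 algorithm ids, and hashing the target signature's packet body are
assumptions made for this example, since the thread itself notes that the
hashing rules for 0x40 are not spelled out.

```python
"""Build and parse OpenPGP v4 signature subpackets (RFC 2440 section 5.2.3).

Added example for the 0x40 / notation discussion; not code from the thread or
from any OpenPGP implementation.  The wire format is from the RFC; the
timestamp notation names and hashing choice below are assumptions.
"""
import hashlib
import struct

SUBPKT_NOTATION_DATA = 20       # RFC 2440 5.2.3.15
SUBPKT_SIGNATURE_TARGET = 31    # added in the 2440bis drafts (later RFC 4880 5.2.3.25)
CRITICAL_BIT = 0x80             # high bit of the subpacket type octet
NOTATION_HUMAN_READABLE = 0x80000000
PK_DSA, HASH_SHA1 = 17, 2       # OpenPGP algorithm ids (chosen arbitrarily here)


def encode_length(n):
    """Subpacket length: 1 octet below 192, 2 octets up to 16319, else 5."""
    if n < 192:
        return bytes([n])
    if n < 16320:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)


def decode_length(buf, pos):
    """Inverse of encode_length; returns (length, new_pos)."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 255:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5


def subpacket(sp_type, body, critical=False):
    """The length field covers the type octet plus the body."""
    type_octet = sp_type | (CRITICAL_BIT if critical else 0)
    return encode_length(len(body) + 1) + bytes([type_octet]) + body


def notation_data(name, value, critical=False):
    """Notation data: 4 octets flags, 2 octets name len, 2 octets value len, name, value."""
    name_b, value_b = name.encode("utf-8"), value.encode("utf-8")
    body = struct.pack(">IHH", NOTATION_HUMAN_READABLE, len(name_b), len(value_b))
    return subpacket(SUBPKT_NOTATION_DATA, body + name_b + value_b, critical)


def signature_target(target_sig_body):
    """1 octet pk algo, 1 octet hash algo, then a hash identifying the target.
    Hashing the target signature's packet body is this example's assumption."""
    digest = hashlib.sha1(target_sig_body).digest()
    return subpacket(SUBPKT_SIGNATURE_TARGET, bytes([PK_DSA, HASH_SHA1]) + digest)


def parse_subpackets(area):
    """Return [(type, critical, body)] for every subpacket in a subpacket area."""
    out, pos = [], 0
    while pos < len(area):
        length, pos = decode_length(area, pos)
        if length == 0 or pos + length > len(area):
            raise ValueError("truncated or zero-length subpacket at offset %d" % pos)
        type_octet = area[pos]
        out.append((type_octet & 0x7F, bool(type_octet & CRITICAL_BIT),
                    area[pos + 1:pos + length]))
        pos += length
    return out


def parse_notation(body):
    """Split a notation data body into (flags, name, value), checking the lengths."""
    flags, nlen, vlen = struct.unpack(">IHH", body[:8])
    if len(body) != 8 + nlen + vlen:
        raise ValueError("notation length fields disagree with subpacket length")
    return flags, body[8:8 + nlen].decode("utf-8"), body[8 + nlen:].decode("utf-8")


def notations(area, known=(SUBPKT_NOTATION_DATA, SUBPKT_SIGNATURE_TARGET)):
    """Return {name: value} for the notations in a subpacket area.  An unknown
    subpacket marked critical makes the signature invalid (RFC 2440 5.2.3.1),
    so it is an error here; unknown non-critical ones are skipped."""
    found = {}
    for sp_type, critical, body in parse_subpackets(area):
        if sp_type not in known:
            if critical:
                raise ValueError("unknown critical subpacket type %d" % sp_type)
            continue
        if sp_type == SUBPKT_NOTATION_DATA:
            _, name, value = parse_notation(body)
            found[name] = value
    return found


def mime_capability(hashed_area):
    """Adrian's proposal: read email.mimeencoding from a key's self-signature."""
    return notations(hashed_area).get("email.mimeencoding")


def timestamp_hashed_area(target_sig_body, service, when):
    """Lutz's variant c: a 0x40 signature whose hashed area names the target
    signature and carries a non-notary timestamp as notations.  The two
    notation names are assumptions made for this example."""
    return (signature_target(target_sig_body)
            + notation_data("timestamp.service", service)
            + notation_data("timestamp.value", when))


if __name__ == "__main__":
    fake_target = b"\x04\x00\x11\x02" + bytes(40)   # constructed stand-in, not a real signature
    area = timestamp_hashed_area(fake_target, "tsa.example", "20040422T082319Z")
    print(notations(area))
    print(mime_capability(notation_data("email.mimeencoding", "rfc3156")))
```

The 'known' list in notations() is the part an implementer has to keep honest:
a verifier that silently skips a critical subpacket it does not understand
accepts a signature the signer meant to be conditional on that subpacket,
which is exactly why a MIME-capability flag is safer as a non-critical notation
than as a new critical subpacket type.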



From owner-ietf-openpgp@mail.imc.org  Thu Apr 22 10:04:25 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA27787
	for <openpgp-archive@lists.ietf.org>; Thu, 22 Apr 2004 10:04:24 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3MCDubW065383;
	Thu, 22 Apr 2004 05:13:56 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3MCDuo9065382;
	Thu, 22 Apr 2004 05:13:56 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from www.enhyper.com (mailgate.enhyper.com [62.49.250.18])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3MCDtgV065374
	for <ietf-openpgp@imc.org>; Thu, 22 Apr 2004 05:13:55 -0700 (PDT)
	(envelope-from iang@systemics.com)
Received: from systemics.com (localhost.localdomain [127.0.0.1])
	by www.enhyper.com (8.11.6/8.11.6) with ESMTP id i3MCDem05034;
	Thu, 22 Apr 2004 13:13:41 +0100
Message-ID: <4087B6D3.1000102@systemics.com>
Date: Thu, 22 Apr 2004 08:13:07 -0400
From: Ian Grigg <iang@systemics.com>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6b) Gecko/20040113 Thunderbird/0.4
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Lutz Donnerhacke <lutz@iks-jena.de>
CC: ietf-openpgp@imc.org
Subject: Re: Whither the 0x40 timestamp signature?
References: <20040420151028.GA27514@jabberwocky.com> <slrnc8f07n.ot.lutz@taranis.iks-jena.de>
In-Reply-To: <slrnc8f07n.ot.lutz@taranis.iks-jena.de>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Lutz Donnerhacke wrote:

> I do have an application for this type of signature without providing the
> full meaning of notary (0x50) signatures.


When you say "I do have ..." are you saying that this
is in existence, or that you are proposing this as a
potential future use of 0x40 sigs?


[description of App elided]

> Should I provide detailed description, or should we remove the whole part?


There are three reasons against your suggestion.

One, that you seem to be defining a new app for an
apparently unused but similar feature.  If it is only
a similar application, then we'd want to show that
there are no extant uses of the allocated 0x40 code,
etc, so that we don't end up with any confusion.

(It's relatively ok for implementations to be confused,
but the standard should not be...)

(I guess it would be fine to *document* the prior use
of the feature, from code.)

Secondly, even if you could show that the old number
was out of use, I'd still suggest formatting a new
application with new bits and bobs, new meanings,
and new text.  Unless we are running out of bits in
some obscure sense, I think it's better to leave old
uses to die, and allocate new codes to new purposes,
even if close.

Thirdly (as I mooted in a prior post) I think we should
be seriously considering putting the RFC process into
feature freeze.  So if there is anything *new* about
this, such as a meaning, or an app still to be written,
then I'd say the onus would be on the proposer to
carefully make the case that this should go forward.

E.g., once in feature freeze, we should switch attention
to chopping deprecated and other dead-wood out there, and
to fixing grammar and spelling and whatnot, and thinking
about how it is that the darn thing gets finished.

iang



From owner-ietf-openpgp@mail.imc.org  Thu Apr 22 10:30:28 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA00450
	for <openpgp-archive@lists.ietf.org>; Thu, 22 Apr 2004 10:30:27 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3MEEXgL075061;
	Thu, 22 Apr 2004 07:14:33 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3MEEX9p075060;
	Thu, 22 Apr 2004 07:14:33 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from branwen.iks-jena.de (root@branwen.iks-jena.de [217.17.192.90])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3MEEV5T075054
	for <ietf-openpgp@imc.org>; Thu, 22 Apr 2004 07:14:32 -0700 (PDT)
	(envelope-from news@branwen.iks-jena.de)
Received: from branwen.iks-jena.de (localhost [127.0.0.1])
	by branwen.iks-jena.de (8.12.11/8.12.9) with ESMTP id i3MEEXrM029031
	for <ietf-openpgp@imc.org>; Thu, 22 Apr 2004 16:14:33 +0200
Received: (from news@localhost)
	by branwen.iks-jena.de (8.12.11/8.12.1/Submit) id i3MEEXJo029030
	for ietf-openpgp@imc.org; Thu, 22 Apr 2004 16:14:33 +0200
To: ietf-openpgp@imc.org
Path: not-for-mail
From: Lutz Donnerhacke <lutz@iks-jena.de>
Newsgroups:  iks.lists.ietf-open-pgp
Subject:  Re: Whither the 0x40 timestamp signature?
Date: Thu, 22 Apr 2004 14:14:33 +0000 (UTC)
Organization:  IKS GmbH Jena
Lines: 22
Message-ID:  <slrnc8fkq9.ot.lutz@taranis.iks-jena.de>
References:  <4087B6D3.1000102@systemics.com>
NNTP-Posting-Host: taranis.iks-jena.de
X-Trace: branwen.iks-jena.de 1082643273 21977 217.17.192.37 (22 Apr 2004 14:14:33 GMT)
X-Complaints-To: usenet@iks-jena.de
NNTP-Posting-Date: Thu, 22 Apr 2004 14:14:33 +0000 (UTC)
User-Agent: slrn/0.9.8.0 (Linux)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


* Ian Grigg wrote:
> Lutz Donnerhacke wrote:
>> I do have an application for this type of signature without providing
>> the full meaning of notary (0x50) signatures.
>
> When you say "I do have ..." are you saying that this
> is in existence, or that you are proposing this as a
> potential future use of 0x40 sigs?

Only a potential future use. I'd only show a real world need for such things.

> some obscure sense, I think it's better to leave old
> uses to die, and allocate new codes to new purposes,
> even if close.

Ok. Remove it.

> Thirdly (as I mooted in a prior post) I think we should
> be seriously considering putting the RFC process into
> feature freeze.

Ack.



From owner-ietf-openpgp@mail.imc.org  Thu Apr 22 15:34:36 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA21819
	for <openpgp-archive@lists.ietf.org>; Thu, 22 Apr 2004 15:34:35 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3MJC0cR005478;
	Thu, 22 Apr 2004 12:12:00 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3MJC0Au005477;
	Thu, 22 Apr 2004 12:12:00 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3MJC0qj005467
	for <ietf-openpgp@imc.org>; Thu, 22 Apr 2004 12:12:00 -0700 (PDT)
	(envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with
 ESMTP (Eudora Internet Mail Server X 3.2.4) for <ietf-openpgp@imc.org>;
 Thu, 22 Apr 2004 12:12:03 -0700
Received: from [10.0.1.12] ([66.91.134.147])
  by keys.merrymeet.com (PGP Universal service);
  Thu, 22 Apr 2004 12:12:01 -0700
Mime-Version: 1.0 (Apple Message framework v613)
In-Reply-To: <200404221334.52007@fortytwo.ch>
References: <20040415154656.GA9480@jabberwocky.com> <73802EB0-9247-11D8-AA50-000A9568596C@callas.org> <20040420151256.GB27514@jabberwocky.com> <200404221334.52007@fortytwo.ch>
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <F17572FB-9490-11D8-AC79-000A9568596C@callas.org>
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: "Yes, I can handle PGP/MIME"
Date: Thu, 22 Apr 2004 12:12:05 -0700
To: OpenPGP <ietf-openpgp@imc.org>
X-Mailer: Apple Mail (2.613)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


I disagree with where this is going.

The point of having notations is so that someone can put data into a 
signature without having to have it be part of the standard -- without 
having to get a consensus on it.

If we put this in the standard, but define it to be a notation of 
"rfc3156":{y|n} (or some other syntax) then we've done exactly what 
David proposed, but improved his proposal by making it bigger and 
harder to parse.

If the answer to the proposal is "put it in a notation" then to me that 
is implicitly saying it should not be part of the standard; it should 
be handled in an ad-hoc manner. That's a fine answer. If the answer to 
the proposal is that it should be in the standard, then a syntax like 
David's is the correct way.

I don't hear a consensus for putting this in. If other people want to 
use notations for an ad-hoc implementation, great.

	Jon



From owner-ietf-openpgp@mail.imc.org  Fri Apr 23 03:24:11 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA19003
	for <openpgp-archive@lists.ietf.org>; Fri, 23 Apr 2004 03:24:11 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3N6uTNv092177;
	Thu, 22 Apr 2004 23:56:29 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3N6uT8v092176;
	Thu, 22 Apr 2004 23:56:29 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from zbasel.fortytwo.ch (zbasel.fortytwo.ch [212.254.206.135])
	by above.proper.com (8.12.11/8.12.8) with ESMTP id i3N6uPiM092145
	for <ietf-openpgp@imc.org>; Thu, 22 Apr 2004 23:56:28 -0700 (PDT)
	(envelope-from avbidder@fortytwo.ch)
Received: from pc-4514.ethz.ch (pc-4514.ethz.ch [129.132.57.72])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "pc-4514.ethz.ch", Issuer "fortytwo.ch CA certificate" (verified OK))
	by zbasel.fortytwo.ch (Postfix) with ESMTP id 4196816A
	for <ietf-openpgp@imc.org>; Fri, 23 Apr 2004 08:56:23 +0200 (CEST)
Received: by pc-4514.ethz.ch (Postfix, from userid 1000)
	id 5097B25DA56; Fri, 23 Apr 2004 08:56:22 +0200 (CEST)
From: "Adrian 'Dagurashibanipal' von Bidder" <avbidder@fortytwo.ch>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: "Yes, I can handle PGP/MIME"
Date: Fri, 23 Apr 2004 08:56:18 +0200
User-Agent: KMail/1.6.2
References: <20040415154656.GA9480@jabberwocky.com> <200404221334.52007@fortytwo.ch> <F17572FB-9490-11D8-AC79-000A9568596C@callas.org>
In-Reply-To: <F17572FB-9490-11D8-AC79-000A9568596C@callas.org>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: Text/Plain;
  charset="iso-8859-1"
Message-Id: <200404230856.22093@fortytwo.ch>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id i3N6uTiM092170
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 8bit



[text reordered to take the interesting bits to the top]

On Thursday 22 April 2004 21.12, Jon wrote:
> I don't hear a consensus for putting this in. If other people want to
> use notations for an ad-hoc implementation, great.

Reviewing the thread, I see 
 - Ian proposing not to add this issue to OpenPGP
 - David originally bringing up the matter and later:
|    I think there is consensus that such a flag should not be set in
|    the "features" subpacket.  There seemed to be at least some
|    consensus that  such a flag would be better placed in a "notation"
|    subpacket.  
 - Will describing a hack used by the PGP, Inc. folks.
 - Holger speaking out against a flag, in favour of the notation.

Thus I think consensus is more or less not to include this topic in 
OpenPGP. The open questions would be
 - if this topic should be put into an RFC as a notation in IETF name 
space, is this WG on-topic for this? (I think probably yes.)
 - who does the work? (I might be persuaded to write the RFC, if 
somebody with IETF experience helps.)
 - is it worth it? (I still believe that the chances for MUAs to 
actually implement this are slim. Any MUA developers here?)

(Obviously, I won't be offering my time to write the RFC if no MUA will 
ever implement it. I don't have the time to dig into MUA developing 
anytime soon, though.)

=========== 
> I disagree with where this is going.
>
> The point of having notations is so that someone can put data into a
> signature without having to have it be part of the standard --
> without having to get a consensus on it.

Right, insofar as it concerns the OpenPGP standard.

I think you misunderstand me. The main objection I see is that starting 
such application specific flags into the standard will bloat it - can 
we have bits for OpenPGP applications in IRC or instant messaging 
systems, too, please?

By using a notation without '@' in the name (IETF reserved namespace) we 
get a way to leave this out of the OpenPGP standard, and have the 
possibility to standardize this in another RFC.

[...]
> If the answer to the proposal is "put it in a notation" then to me
> that is implicitly saying it should not be part of the standard;

I believe I was saying this explicitly, not just implicitly.

> it 
> should be handled in an ad-hoc manner.

No, it should be standardized (as, presumably, all notations using the 
IETF reserved namespace should be), but the standard should not be part 
of OpenPGP.
[...]

Greetings
-- vbi



-- 
Available for key signing in Zürich and Basel, Switzerland
                    (what's this? Look at http://fortytwo.ch/gpg/intro)


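Two posts above turn on how such a preference would actually be carried: Jon's "rfc3156":{y|n} notation and Adrian's point that a notation name without '@' falls in the IETF-reserved namespace while name@domain names are user-defined. The following Python is an added example, not code from the thread or from any OpenPGP implementation; it builds and parses Notation Data subpackets (type 20, RFC 2440 section 5.2.3.15) with the 1/2/5-octet subpacket length header, and sorts each name into its namespace. The notation names and values are constructed for the example, and pgpmime@example.org is a hypothetical vendor notation, not the PGP, Inc. hack the thread mentions.

```python
"""Added example (not from the thread): build and parse OpenPGP Notation
Data subpackets (RFC 2440 section 5.2.3.15, subpacket type 20) and sort
notation names into the IETF-reserved and user namespaces."""
import struct

NOTATION_DATA = 20            # subpacket type octet for Notation Data
HUMAN_READABLE = 0x80000000   # flag bit: value is UTF-8 text, not binary


def encode_subpacket_length(n):
    """Subpacket length header (RFC 2440 section 5.2.3.1): 1, 2 or 5 octets."""
    if n < 192:
        return bytes([n])
    if n < 8384:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)


def decode_subpacket_length(buf, pos):
    """Return (length, position just after the header) for buf[pos:]."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 255:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5


def make_notation(name, value, human_readable=True):
    """Return a complete subpacket: length header, type octet, then the
    body (4 flag octets, 2-octet name length, 2-octet value length,
    name, value)."""
    name_b = name.encode("utf-8")
    value_b = value.encode("utf-8") if human_readable else bytes(value)
    if len(name_b) > 0xFFFF or len(value_b) > 0xFFFF:
        raise ValueError("name/value too long for 2-octet length fields")
    flags = HUMAN_READABLE if human_readable else 0
    body = (bytes([NOTATION_DATA])
            + struct.pack(">IHH", flags, len(name_b), len(value_b))
            + name_b + value_b)
    return encode_subpacket_length(len(body)) + body


def namespace(name):
    """'@' splits the namespaces: name@domain is user-defined, anything
    without '@' is IETF-reserved and needs an RFC to define it."""
    return "user" if "@" in name else "ietf"


def parse_notations(area):
    """Walk a hashed-subpacket area and return every well-formed notation;
    other subpacket types are skipped, malformed ones raise ValueError."""
    out, pos = [], 0
    while pos < len(area):
        length, pos = decode_subpacket_length(area, pos)
        if length == 0 or pos + length > len(area):
            raise ValueError("truncated or zero-length subpacket")
        sub = area[pos:pos + length]
        pos += length
        if sub[0] != NOTATION_DATA:
            continue
        if len(sub) < 9:
            raise ValueError("notation subpacket shorter than fixed header")
        flags, nlen, vlen = struct.unpack(">IHH", sub[1:9])
        if 9 + nlen + vlen != len(sub):
            raise ValueError("notation length fields disagree with subpacket length")
        name = sub[9:9 + nlen].decode("utf-8")
        raw = sub[9 + nlen:]
        human = bool(flags & HUMAN_READABLE)
        out.append({"name": name, "namespace": namespace(name),
                    "human_readable": human,
                    "value": raw.decode("utf-8") if human else raw})
    return out


# Constructed sample area: the "rfc3156":y notation from the thread (IETF
# namespace) beside a hypothetical vendor notation in the user namespace.
SAMPLE_AREA = (make_notation("rfc3156", "y")
               + make_notation("pgpmime@example.org", "1"))

if __name__ == "__main__":
    for n in parse_notations(SAMPLE_AREA):
        print(n)
```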

From owner-ietf-openpgp@mail.imc.org  Sat Apr 24 06:17:42 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA06164
	for <openpgp-archive@lists.ietf.org>; Sat, 24 Apr 2004 06:17:41 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id i3O9mGHQ031163;
	Sat, 24 Apr 2004 02:48:16 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3O9mG5j031162;
	Sat, 24 Apr 2004 02:48:16 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.enyo.de (mail.enyo.de [212.9.189.167])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id i3O9mE2w031153
	for <ietf-openpgp@imc.org>; Sat, 24 Apr 2004 02:48:15 -0700 (PDT)
	(envelope-from fw@deneb.enyo.de)
Received: (debugging) helo=deneb ip=212.9.189.171 name=deneb.enyo.de
Received: from deneb.enyo.de ([212.9.189.171] helo=deneb)
	by mail.enyo.de with esmtp id 1BHJlX-0007H6-4O; Sat, 24 Apr 2004 11:48:07 +0200
Received: from fw by deneb with local (Exim 4.32)
	id 1BHJlW-000173-N1; Sat, 24 Apr 2004 11:48:06 +0200
To: Lutz Donnerhacke <lutz@iks-jena.de>
Cc: ietf-openpgp@imc.org
Subject: Re: Whither the 0x40 timestamp signature?
References: <20040420151028.GA27514@jabberwocky.com>
	<slrnc8f07n.ot.lutz@taranis.iks-jena.de>
From: Florian Weimer <fw@deneb.enyo.de>
Date: Sat, 24 Apr 2004 11:48:06 +0200
In-Reply-To: <slrnc8f07n.ot.lutz@taranis.iks-jena.de> (Lutz Donnerhacke's
 message of "Thu, 22 Apr 2004 08:23:19 +0000 (UTC)")
Message-ID: <87wu45emg9.fsf@deneb.enyo.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Lutz Donnerhacke <lutz@iks-jena.de> writes:

> I do have an application for this type of signature without providing the
> full meaning of notary (0x50) signatures.
>
> There is a full blown environment which requires timestamping at users end
> without involving a real notary timestamping service. The German signature
> law contains a protocol error in proofing signatures of withdrawn keys. The
> only sound solution requires an additional timestamp of every signature. The
> law assumes that the sender is responsible for providing the timestamp.

SigG/SigV conformance of OpenPGP applications is not going to happen
(and is not even desirable IMHO).

RFC 2440bis should simply state that there are a few flags for which
future RFCs may specify semantics.  Consensus on this list seems to be
that RFC 2440bis should remain a format spec, and signature semantics
would clearly be beyond its scope.

-- 
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: atlas.cz, bigpond.com, postino.it, tiscali.co.uk,
tiscali.cz, tiscali.it, voila.fr.



From owner-ietf-openpgp@mail.imc.org  Sat Apr 24 13:16:31 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA24250
	for <openpgp-archive@lists.ietf.org>; Sat, 24 Apr 2004 13:16:30 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id i3OGxWKH060464;
	Sat, 24 Apr 2004 09:59:32 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3OGxWx0060463;
	Sat, 24 Apr 2004 09:59:32 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from thetis.deor.org (thetis.deor.org [207.106.86.210])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id i3OGxVGu060456
	for <ietf-openpgp@imc.org>; Sat, 24 Apr 2004 09:59:32 -0700 (PDT)
	(envelope-from rabbi@abditum.com)
Received: by thetis.deor.org (Postfix, from userid 500)
	id DA4E04516C; Sat, 24 Apr 2004 09:59:33 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by thetis.deor.org (Postfix) with ESMTP
	id 641D948030; Sat, 24 Apr 2004 09:59:33 -0700 (PDT)
Date: Sat, 24 Apr 2004 09:59:33 -0700 (PDT)
From: Len Sassaman <rabbi@abditum.com>
X-X-Sender: rabbi@thetis.deor.org
To: Jon Callas <jon@callas.org>
Cc: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: "Yes, I can handle PGP/MIME"
In-Reply-To: <F17572FB-9490-11D8-AC79-000A9568596C@callas.org>
Message-ID: <Pine.LNX.4.58.0404240949320.28820@thetis.deor.org>
References: <20040415154656.GA9480@jabberwocky.com>
 <73802EB0-9247-11D8-AA50-000A9568596C@callas.org> <20040420151256.GB27514@jabberwocky.com>
 <200404221334.52007@fortytwo.ch> <F17572FB-9490-11D8-AC79-000A9568596C@callas.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Thu, 22 Apr 2004, Jon Callas wrote:

> I disagree with where this is going.
>
> The point of having notations is so that someone can put data into a
> signature without having to have it be part of the standard -- without
> having to get a consensus on it.

Agreed. This was my reason for bringing it up in the first place -- I
think that, without a means in OpenPGP for specifying the MIME preference,
this is what PGP Universal *should have* done.

> If we put this in the standard, but define it to be a notation of
> "rfc3156":{y|n} (or some other syntax) then we've done exactly what
> David proposed, but improved his proposal by making it bigger and
> harder to parse.

[snip]

> I don't hear a consensus for putting this in. If other people want to
> use notations for an ad-hoc implementation, great.

Okay. Then in the interest of achieving a consensus on this matter, I
hereby retract my suggestion that the OpenPGP/MIME preference be expressed
in the notation data field, and endorse David's proposal that we add an
additional subpacket flag. Are other backers of the notation-data proposal
willing to do the same? Please speak up.

The primary use of OpenPGP is email. While that may change in the future,
hypothetical concerns about instant messaging foo aren't presently an
issue. We have MUAs claiming "inline messages" are "old-format" and
deprecated, and we have users generating PGP/MIME messages which cannot be
processed by their recipients. Obviously there's a need for a means of
expressing this preference -- the GnuPG authors are asking for it, and the
PGP authors have already gone ahead with their own hack.

This additional flag adds minimal bloat to the standard, and addresses a
major usability problem with OpenPGP. I think it is a mistake to dismiss
this issue or require that yet another RFC be created to address it.


--Len.



From owner-ietf-openpgp@mail.imc.org  Sun Apr 25 11:18:50 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA02613
	for <openpgp-archive@lists.ietf.org>; Sun, 25 Apr 2004 11:18:49 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id i3PEv6uh030712;
	Sun, 25 Apr 2004 07:57:06 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3PEv6EF030711;
	Sun, 25 Apr 2004 07:57:06 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from ethos.braverock.com (IDENT:sZk0wsenxN0L3TS9g7lYZ3GKAyxVfIbO@dsl092-142-180.chi1.dsl.speakeasy.net [66.92.142.180])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id i3PEv5nv030703
	for <ietf-openpgp@imc.org>; Sun, 25 Apr 2004 07:57:06 -0700 (PDT)
	(envelope-from brian@braverock.com)
Received: from [10.23.1.104] (dhcp.braverock.com [66.92.142.162])
	(authenticated bits=0)
	by ethos.braverock.com (8.12.8/8.12.8) with ESMTP id i3PEv59U002342
	(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO)
	for <ietf-openpgp@imc.org>; Sun, 25 Apr 2004 09:57:06 -0500
Subject: Re: "Yes, I can handle PGP/MIME"
From: "Brian G. Peterson" <brian@braverock.com>
Reply-To: brian@braverock.com
To: OpenPGP <ietf-openpgp@imc.org>
In-Reply-To: <Pine.LNX.4.58.0404240949320.28820@thetis.deor.org>
References: <20040415154656.GA9480@jabberwocky.com>
	 <73802EB0-9247-11D8-AA50-000A9568596C@callas.org>
	 <20040420151256.GB27514@jabberwocky.com> <200404221334.52007@fortytwo.ch>
	 <F17572FB-9490-11D8-AC79-000A9568596C@callas.org>
	 <Pine.LNX.4.58.0404240949320.28820@thetis.deor.org>
Content-Type: text/plain
Message-Id: <1082904998.23397.41.camel@localhost,>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.6 
Date: Sun, 25 Apr 2004 09:56:38 -0500
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


On Sat, 2004-04-24 at 11:59, Len Sassaman wrote:
> We have MUAs claiming "inline messages" are "old-format" and
> deprecated, and we have users generating PGP/MIME messages which cannot be
> processed by their recipients. Obviously there's a need for a means of
> expressing this preference -- the GnuPG authors are asking for it, and the
> PGP authors have already gone ahead with their own hack.

I think this is the core problem that requires a solution.  RFC 3156
doesn't deprecate inline messages, and I would like to see a way of
making it clear that MUAs that refuse to decrypt/verify in-line
messages are *not* compliant with the OpenPGP standard set forth in
RFC2440bis because they can't verify/decrypt valid OpenPGP data.

As an implementor, I don't care whether it is in the notation or in a
data packet.  Notation is easier for human-parsing, and only marginally
more difficult for machine parsing.  A data packet cannot be parsed by a
human reader, so adoption will be slowed until at least GnuPG and
Commercial PGP release versions that support the new standard.  I think
that is the central trade-off.

Any future revision of RFC3156 will need to take into account
verification of message data or signatures outside of MUAs as well, but
that is another topic for a different thread.

Regards,

   - Brian



From owner-ietf-openpgp@mail.imc.org  Mon Apr 26 03:25:51 2004
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA28530
	for <openpgp-archive@lists.ietf.org>; Mon, 26 Apr 2004 03:25:51 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id i3Q74Urb054073;
	Mon, 26 Apr 2004 00:04:30 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id i3Q74U31054072;
	Mon, 26 Apr 2004 00:04:30 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from zbasel.fortytwo.ch (zbasel.fortytwo.ch [212.254.206.135])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id i3Q74Smu054031
	for <ietf-openpgp@imc.org>; Mon, 26 Apr 2004 00:04:29 -0700 (PDT)
	(envelope-from avbidder@fortytwo.ch)
Received: from pc-4514.ethz.ch (pc-4514.ethz.ch [129.132.57.72])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "pc-4514.ethz.ch", Issuer "fortytwo.ch CA certificate" (verified OK))
	by zbasel.fortytwo.ch (Postfix) with ESMTP id 44C775BA
	for <ietf-openpgp@imc.org>; Mon, 26 Apr 2004 09:04:23 +0200 (CEST)
Received: by pc-4514.ethz.ch (Postfix, from userid 1000)
	id AA69925DAD4; Mon, 26 Apr 2004 09:04:22 +0200 (CEST)
From: "Adrian 'Dagurashibanipal' von Bidder" <avbidder@fortytwo.ch>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: "Yes, I can handle PGP/MIME"
Date: Mon, 26 Apr 2004 09:04:21 +0200
User-Agent: KMail/1.6.2
References: <20040415154656.GA9480@jabberwocky.com> <F17572FB-9490-11D8-AC79-000A9568596C@callas.org> <Pine.LNX.4.58.0404240949320.28820@thetis.deor.org>
In-Reply-To: <Pine.LNX.4.58.0404240949320.28820@thetis.deor.org>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: Text/Plain;
  charset="iso-8859-1"
Message-Id: <200404260904.22463@fortytwo.ch>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id i3Q74Tmu054066
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 8bit



On Saturday 24 April 2004 18.59, Len Sassaman wrote:
> On Thu, 22 Apr 2004, Jon Callas wrote:

> > I don't hear a consensus for putting this in. If other people want
> > to use notations for an ad-hoc implementation, great.
>
> Okay. Then in the interest of achieving a consensus on this matter, I
> hereby retract my suggestion that the OpenPGP/MIME preference be
> expressed in the notation data field, and endorse David's proposal
> that we add an additional subpacket flag. Are other backers of the
> notation-data proposal willing to do the same? Please speak up.

As my role here is that of an interested bystander and as I won't be the 
one to implement any of the proposed solutions, I say it's up to the 
people really working with this stuff.

greetings
-- vbi

-- 
Could this mail be a fake? (Answer: No! - http://fortytwo.ch/gpg/intro)




Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id i3Q74Urb054073; Mon, 26 Apr 2004 00:04:30 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i3Q74U31054072; Mon, 26 Apr 2004 00:04:30 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from zbasel.fortytwo.ch (zbasel.fortytwo.ch [212.254.206.135]) by above.proper.com (8.12.11/8.12.9) with ESMTP id i3Q74Smu054031 for <ietf-openpgp@imc.org>; Mon, 26 Apr 2004 00:04:29 -0700 (PDT) (envelope-from avbidder@fortytwo.ch)
Received: from pc-4514.ethz.ch (pc-4514.ethz.ch [129.132.57.72]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "pc-4514.ethz.ch", Issuer "fortytwo.ch CA certificate" (verified OK)) by zbasel.fortytwo.ch (Postfix) with ESMTP id 44C775BA for <ietf-openpgp@imc.org>; Mon, 26 Apr 2004 09:04:23 +0200 (CEST)
Received: by pc-4514.ethz.ch (Postfix, from userid 1000) id AA69925DAD4; Mon, 26 Apr 2004 09:04:22 +0200 (CEST)
From: "Adrian 'Dagurashibanipal' von Bidder" <avbidder@fortytwo.ch>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: "Yes, I can handle PGP/MIME"
Date: Mon, 26 Apr 2004 09:04:21 +0200
User-Agent: KMail/1.6.2
References: <20040415154656.GA9480@jabberwocky.com> <F17572FB-9490-11D8-AC79-000A9568596C@callas.org> <Pine.LNX.4.58.0404240949320.28820@thetis.deor.org>
In-Reply-To: <Pine.LNX.4.58.0404240949320.28820@thetis.deor.org>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: Text/Plain; charset="iso-8859-1"
Message-Id: <200404260904.22463@fortytwo.ch>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id i3Q74Tmu054066
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Saturday 24 April 2004 18.59, Len Sassaman wrote:
> On Thu, 22 Apr 2004, Jon Callas wrote:

> > I don't hear a consensus for putting this in. If other people want
> > to use notations for an ad-hoc implementation, great.
>
> Okay. Then in the interest of achieving a consensus on this matter, I
> hereby retract my suggestion that the OpenPGP/MIME preference be
> expressed in the notation data field, and endorse David's proposal
> that we add an additional subpacket flag. Are other backers of the
> notation-data proposal willing to do the same? Please speak up.

As I my role here is that of interested bystander and as I won't be the 
one to implement any of the proposed solutions, I say it's up to the 
people really working with this stuff.

greetings
- -- vbi

- -- 
Could this mail be a fake? (Answer: No! - http://fortytwo.ch/gpg/intro)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: get my key from http://fortytwo.ch/gpg/92082481

iKcEARECAGcFAkCMtHVgGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h
aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjUmbWQ1c3VtPTVkZmY4NjhkMTE4NDMyNzYw
NzFiMjVlYjcwMDZkYTNlAAoJECqqZti935l6tBgAnR8BQrQa097THNslgtT+eNK3
x5kYAJ49/DtpODv8KNxpfkEmQRwdsp5Ozw==
=vqh6
-----END PGP SIGNATURE-----



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id i3PEv6uh030712; Sun, 25 Apr 2004 07:57:06 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i3PEv6EF030711; Sun, 25 Apr 2004 07:57:06 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from ethos.braverock.com (IDENT:sZk0wsenxN0L3TS9g7lYZ3GKAyxVfIbO@dsl092-142-180.chi1.dsl.speakeasy.net [66.92.142.180]) by above.proper.com (8.12.11/8.12.9) with ESMTP id i3PEv5nv030703 for <ietf-openpgp@imc.org>; Sun, 25 Apr 2004 07:57:06 -0700 (PDT) (envelope-from brian@braverock.com)
Received: from [10.23.1.104] (dhcp.braverock.com [66.92.142.162]) (authenticated bits=0) by ethos.braverock.com (8.12.8/8.12.8) with ESMTP id i3PEv59U002342 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO) for <ietf-openpgp@imc.org>; Sun, 25 Apr 2004 09:57:06 -0500
Subject: Re: "Yes, I can handle PGP/MIME"
From: "Brian G. Peterson" <brian@braverock.com>
Reply-To: brian@braverock.com
To: OpenPGP <ietf-openpgp@imc.org>
In-Reply-To: <Pine.LNX.4.58.0404240949320.28820@thetis.deor.org>
References: <20040415154656.GA9480@jabberwocky.com> <73802EB0-9247-11D8-AA50-000A9568596C@callas.org> <20040420151256.GB27514@jabberwocky.com> <200404221334.52007@fortytwo.ch> <F17572FB-9490-11D8-AC79-000A9568596C@callas.org> <Pine.LNX.4.58.0404240949320.28820@thetis.deor.org>
Content-Type: text/plain
Message-Id: <1082904998.23397.41.camel@localhost,>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.6 
Date: Sun, 25 Apr 2004 09:56:38 -0500
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Sat, 2004-04-24 at 11:59, Len Sassaman wrote:
> We have MUAs claiming "inline messages" are "old-format" and
> deprecated, and we have users generating PGP/MIME messages which cannot be
> processed by their recipients. Obviously there's a need for a means of
> expressing this preference -- the GnuPG authors are asking for it, and the
> PGP authors have already gone ahead with their own hack.

I think this is the core problem that requires a solution.  RFC 3156
doesn't deprecate inline messages, and I would like to see a way of
making it clear that MUAs that refuse to decrypt/verify in-line
messages are *not* compliant with the OpenPGP standard set forth in
RFC2440bis because they can't verify/decrypt valid OpenPGP data.  

As an implementor, I don't care whether it is in the notation or in a
data packet.  Notation is easier for human parsing, and only marginally
more difficult for machine parsing.  A data packet cannot be parsed by a
human reader, so adoption will be slowed until at least GnuPG and
Commercial PGP release versions that support the new standard.  I think
that is the central trade-off.

Any future revision of RFC3156 will need to take into account
verification of message data or signatures outside of MUAs as well, but
that is another topic for a different thread.

Regards,

   - Brian



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id i3OGxWKH060464; Sat, 24 Apr 2004 09:59:32 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i3OGxWx0060463; Sat, 24 Apr 2004 09:59:32 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from thetis.deor.org (thetis.deor.org [207.106.86.210]) by above.proper.com (8.12.11/8.12.9) with ESMTP id i3OGxVGu060456 for <ietf-openpgp@imc.org>; Sat, 24 Apr 2004 09:59:32 -0700 (PDT) (envelope-from rabbi@abditum.com)
Received: by thetis.deor.org (Postfix, from userid 500) id DA4E04516C; Sat, 24 Apr 2004 09:59:33 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by thetis.deor.org (Postfix) with ESMTP id 641D948030; Sat, 24 Apr 2004 09:59:33 -0700 (PDT)
Date: Sat, 24 Apr 2004 09:59:33 -0700 (PDT)
From: Len Sassaman <rabbi@abditum.com>
X-X-Sender: rabbi@thetis.deor.org
To: Jon Callas <jon@callas.org>
Cc: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: "Yes, I can handle PGP/MIME"
In-Reply-To: <F17572FB-9490-11D8-AC79-000A9568596C@callas.org>
Message-ID: <Pine.LNX.4.58.0404240949320.28820@thetis.deor.org>
References: <20040415154656.GA9480@jabberwocky.com> <73802EB0-9247-11D8-AA50-000A9568596C@callas.org> <20040420151256.GB27514@jabberwocky.com> <200404221334.52007@fortytwo.ch> <F17572FB-9490-11D8-AC79-000A9568596C@callas.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Thu, 22 Apr 2004, Jon Callas wrote:

> I disagree with where this is going.
>
> The point of having notations is so that someone can put data into a
> signature without having to have it be part of the standard -- without
> having to get a consensus on it.

Agreed. This was my reason for bringing it up in the first place -- I
think that, without a means in OpenPGP for specifying the MIME preference,
this is what PGP Universal *should have* done.

> If we put this in the standard, but define it to be a notation of
> "rfc3156":{y|n} (or some other syntax) then we've done exactly what
> David proposed, but improved his proposal by making it bigger and
> harder to parse.

[snip]

> I don't hear a consensus for putting this in. If other people want to
> use notations for an ad-hoc implementation, great.

Okay. Then in the interest of achieving a consensus on this matter, I
hereby retract my suggestion that the OpenPGP/MIME preference be expressed
in the notation data field, and endorse David's proposal that we add an
additional subpacket flag. Are other backers of the notation-data proposal
willing to do the same? Please speak up.

The primary use of OpenPGP is email. While that may change in the future,
hypothetical concerns about instant messaging foo aren't presently an
issue. We have MUAs claiming "inline messages" are "old-format" and
deprecated, and we have users generating PGP/MIME messages which cannot be
processed by their recipients. Obviously there's a need for a means of
expressing this preference -- the GnuPG authors are asking for it, and the
PGP authors have already gone ahead with their own hack.

This additional flag adds minimal bloat to the standard, and addresses a
major usability problem with OpenPGP. I think it is a mistake to dismiss
this issue or require that yet another RFC be created to address it.


--Len.



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id i3O9mGHQ031163; Sat, 24 Apr 2004 02:48:16 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i3O9mG5j031162; Sat, 24 Apr 2004 02:48:16 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.enyo.de (mail.enyo.de [212.9.189.167]) by above.proper.com (8.12.11/8.12.9) with ESMTP id i3O9mE2w031153 for <ietf-openpgp@imc.org>; Sat, 24 Apr 2004 02:48:15 -0700 (PDT) (envelope-from fw@deneb.enyo.de)
Received: (debugging) helo=deneb ip=212.9.189.171 name=deneb.enyo.de
Received: from deneb.enyo.de ([212.9.189.171] helo=deneb) by mail.enyo.de with esmtp id 1BHJlX-0007H6-4O; Sat, 24 Apr 2004 11:48:07 +0200
Received: from fw by deneb with local (Exim 4.32) id 1BHJlW-000173-N1; Sat, 24 Apr 2004 11:48:06 +0200
To: Lutz Donnerhacke <lutz@iks-jena.de>
Cc: ietf-openpgp@imc.org
Subject: Re: Whither the 0x40 timestamp signature?
References: <20040420151028.GA27514@jabberwocky.com> <slrnc8f07n.ot.lutz@taranis.iks-jena.de>
From: Florian Weimer <fw@deneb.enyo.de>
Date: Sat, 24 Apr 2004 11:48:06 +0200
In-Reply-To: <slrnc8f07n.ot.lutz@taranis.iks-jena.de> (Lutz Donnerhacke's message of "Thu, 22 Apr 2004 08:23:19 +0000 (UTC)")
Message-ID: <87wu45emg9.fsf@deneb.enyo.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Lutz Donnerhacke <lutz@iks-jena.de> writes:

> I do have an application for this type of signature without providing the
> full meaning of notary (0x50) signatures.
>
> There is a full blown environment which requires timestamping at the user's end
> without involving a real notary timestamping service. The German signature
> law contains a protocol error in proving signatures of withdrawn keys. The
> only sound solution requires an additional timestamp of every signature. The
> law assumes that the sender is responsible for providing the timestamp.

SigG/SigV conformance of OpenPGP applications is not going to happen
(and is not even desirable IMHO).

RFC 2440bis should simply state that there are a few flags for which
future RFCs may specify semantics.  Consensus on this list seems to be
that RFC 2440bis should remain a format spec, and signature semantics
would clearly be beyond its scope.

-- 
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: atlas.cz, bigpond.com, postino.it, tiscali.co.uk,
tiscali.cz, tiscali.it, voila.fr.



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i3N6uTNv092177; Thu, 22 Apr 2004 23:56:29 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i3N6uT8v092176; Thu, 22 Apr 2004 23:56:29 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from zbasel.fortytwo.ch (zbasel.fortytwo.ch [212.254.206.135]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i3N6uPiM092145 for <ietf-openpgp@imc.org>; Thu, 22 Apr 2004 23:56:28 -0700 (PDT) (envelope-from avbidder@fortytwo.ch)
Received: from pc-4514.ethz.ch (pc-4514.ethz.ch [129.132.57.72]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "pc-4514.ethz.ch", Issuer "fortytwo.ch CA certificate" (verified OK)) by zbasel.fortytwo.ch (Postfix) with ESMTP id 4196816A for <ietf-openpgp@imc.org>; Fri, 23 Apr 2004 08:56:23 +0200 (CEST)
Received: by pc-4514.ethz.ch (Postfix, from userid 1000) id 5097B25DA56; Fri, 23 Apr 2004 08:56:22 +0200 (CEST)
From: "Adrian 'Dagurashibanipal' von Bidder" <avbidder@fortytwo.ch>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: "Yes, I can handle PGP/MIME"
Date: Fri, 23 Apr 2004 08:56:18 +0200
User-Agent: KMail/1.6.2
References: <20040415154656.GA9480@jabberwocky.com> <200404221334.52007@fortytwo.ch> <F17572FB-9490-11D8-AC79-000A9568596C@callas.org>
In-Reply-To: <F17572FB-9490-11D8-AC79-000A9568596C@callas.org>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: Text/Plain; charset="iso-8859-1"
Message-Id: <200404230856.22093@fortytwo.ch>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id i3N6uTiM092170
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[text reordered to take the interesting bits to the top]

On Thursday 22 April 2004 21.12, Jon wrote:
> I don't hear a consensus for putting this in. If other people want to
> use notations for an ad-hoc implementation, great.

Reviewing the thread, I see 
 - Ian proposing not to add this issue to OpenPGP
 - David originally bringing up the matter and later:
|    I think there is consensus that such a flag should not be set in
|    the "features" subpacket.  There seemed to be at least some
|    consensus that  such a flag would be better placed in a "notation"
|    subpacket.  
 - Will describing a hack used by the PGP, Inc. folks.
 - Holger speaking out against a flag, in favour of the notation.

Thus I think consensus is more or less not to include this topic in 
OpenPGP. The open questions would be
 - if this topic should be put into an RFC as a notation in IETF name 
space, is this WG on-topic for this? (I think probably yes.)
 - who does the work? (I might be persuaded to write the RFC, if 
somebody with IETF experience helps.)
 - is it worth it? (I still believe that the chances for MUAs to 
actually implement this are slim. Any MUA developers here?)

(Obviously, I won't be offering my time to write the RFC if no MUA will 
ever implement it. I don't have the time to dig into MUA developing 
anytime soon, though.)

=========== 
> I disagree with where this is going.
>
> The point of having notations is so that someone can put data into a
> signature without having to have it be part of the standard --
> without having to get a consensus on it.

Right, insofar as it concerns the OpenPGP standard.

I think you misunderstand me. The main objection I see is that starting 
such application specific flags into the standard will bloat it - can 
we have bits for OpenPGP applications in IRC or instant messaging 
systems, too, please?

By using a notation without '@' in the name (IETF reserved namespace) we 
get a way to leave this out of the OpenPGP standard, and have the 
possibility to standardize this in another RFC.

[...]
> If the answer to the proposal is "put it in a notation" then to me
> that is implicitly saying it should not be part of the standard;

I believe I was saying this explicitly, not just implicitly.

> it 
> should be handled in an ad-hoc manner.

No, it should be standardized (as, presumably, all notations using the 
IETF reserved namespace should be), but the standard should not be part 
of OpenPGP.
[...]

Greetings
- -- vbi



- -- 
Available for key signing in Zürich and Basel, Switzerland
                    (what's this? Look at http://fortytwo.ch/gpg/intro)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: get my key from http://fortytwo.ch/gpg/92082481

-----END PGP SIGNATURE-----



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i3MJC0cR005478; Thu, 22 Apr 2004 12:12:00 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i3MJC0Au005477; Thu, 22 Apr 2004 12:12:00 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i3MJC0qj005467 for <ietf-openpgp@imc.org>; Thu, 22 Apr 2004 12:12:00 -0700 (PDT) (envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server X 3.2.4) for <ietf-openpgp@imc.org>; Thu, 22 Apr 2004 12:12:03 -0700
Received: from [10.0.1.12] ([66.91.134.147]) by keys.merrymeet.com (PGP Universal service); Thu, 22 Apr 2004 12:12:01 -0700
Mime-Version: 1.0 (Apple Message framework v613)
In-Reply-To: <200404221334.52007@fortytwo.ch>
References: <20040415154656.GA9480@jabberwocky.com> <73802EB0-9247-11D8-AA50-000A9568596C@callas.org> <20040420151256.GB27514@jabberwocky.com> <200404221334.52007@fortytwo.ch>
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <F17572FB-9490-11D8-AC79-000A9568596C@callas.org>
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: "Yes, I can handle PGP/MIME"
Date: Thu, 22 Apr 2004 12:12:05 -0700
To: OpenPGP <ietf-openpgp@imc.org>
X-Mailer: Apple Mail (2.613)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

I disagree with where this is going.

The point of having notations is so that someone can put data into a 
signature without having to have it be part of the standard -- without 
having to get a consensus on it.

If we put this in the standard, but define it to be a notation of 
"rfc3156":{y|n} (or some other syntax) then we've done exactly what 
David proposed, but improved his proposal by making it bigger and 
harder to parse.

If the answer to the proposal is "put it in a notation" then to me that 
is implicitly saying it should not be part of the standard; it should 
be handled in an ad-hoc manner. That's a fine answer. If the answer to 
the proposal is that it should be in the standard, then a syntax like 
David's is the correct way.

I don't hear a consensus for putting this in. If other people want to 
use notations for an ad-hoc implementation, great.

	Jon



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i3MEEXgL075061; Thu, 22 Apr 2004 07:14:33 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i3MEEX9p075060; Thu, 22 Apr 2004 07:14:33 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from branwen.iks-jena.de (root@branwen.iks-jena.de [217.17.192.90]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i3MEEV5T075054 for <ietf-openpgp@imc.org>; Thu, 22 Apr 2004 07:14:32 -0700 (PDT) (envelope-from news@branwen.iks-jena.de)
Received: from branwen.iks-jena.de (localhost [127.0.0.1]) by branwen.iks-jena.de (8.12.11/8.12.9) with ESMTP id i3MEEXrM029031 for <ietf-openpgp@imc.org>; Thu, 22 Apr 2004 16:14:33 +0200
Received: (from news@localhost) by branwen.iks-jena.de (8.12.11/8.12.1/Submit) id i3MEEXJo029030 for ietf-openpgp@imc.org; Thu, 22 Apr 2004 16:14:33 +0200
To: ietf-openpgp@imc.org
Path: not-for-mail
From: Lutz Donnerhacke <lutz@iks-jena.de>
Newsgroups:  iks.lists.ietf-open-pgp
Subject:  Re: Whither the 0x40 timestamp signature?
Date: Thu, 22 Apr 2004 14:14:33 +0000 (UTC)
Organization:  IKS GmbH Jena
Lines: 22
Message-ID:  <slrnc8fkq9.ot.lutz@taranis.iks-jena.de>
References:  <4087B6D3.1000102@systemics.com>
NNTP-Posting-Host: taranis.iks-jena.de
X-Trace: branwen.iks-jena.de 1082643273 21977 217.17.192.37 (22 Apr 2004 14:14:33 GMT)
X-Complaints-To: usenet@iks-jena.de
NNTP-Posting-Date: Thu, 22 Apr 2004 14:14:33 +0000 (UTC)
User-Agent: slrn/0.9.8.0 (Linux)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

* Ian Grigg wrote:
> Lutz Donnerhacke wrote:
>> I do have an application for this type of signature without providing
>> the full meaning of notary (0x50) signatures.
>
> When you say "I do have ..." are you saying that this
> is in existence, or that you are proposing this as a
> potential future use of 0x40 sigs?

Only a potential future use. I'd only show a real world need for such things.

> some obscure sense, I think it's better to leave old
> uses to die, and allocate new codes to new purposes,
> even if close.

Ok. Remove it.

> Thirdly (as I mooted in a prior post) I think we should
> be seriously considering putting the RFC process into
> feature freeze.

Ack.



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i3MCDubW065383; Thu, 22 Apr 2004 05:13:56 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i3MCDuo9065382; Thu, 22 Apr 2004 05:13:56 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from www.enhyper.com (mailgate.enhyper.com [62.49.250.18]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i3MCDtgV065374 for <ietf-openpgp@imc.org>; Thu, 22 Apr 2004 05:13:55 -0700 (PDT) (envelope-from iang@systemics.com)
Received: from systemics.com (localhost.localdomain [127.0.0.1]) by www.enhyper.com (8.11.6/8.11.6) with ESMTP id i3MCDem05034; Thu, 22 Apr 2004 13:13:41 +0100
Message-ID: <4087B6D3.1000102@systemics.com>
Date: Thu, 22 Apr 2004 08:13:07 -0400
From: Ian Grigg <iang@systemics.com>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6b) Gecko/20040113 Thunderbird/0.4
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Lutz Donnerhacke <lutz@iks-jena.de>
CC: ietf-openpgp@imc.org
Subject: Re: Whither the 0x40 timestamp signature?
References: <20040420151028.GA27514@jabberwocky.com> <slrnc8f07n.ot.lutz@taranis.iks-jena.de>
In-Reply-To: <slrnc8f07n.ot.lutz@taranis.iks-jena.de>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Lutz Donnerhacke wrote:

> I do have an application for this type of signature without providing the
> full meaning of notary (0x50) signatures.


When you say "I do have ..." are you saying that this
is in existence, or that you are proposing this as a
potential future use of 0x40 sigs?


[description of App elided]

> Should I provide detailed description, or should we remove the whole part?


There are three reasons against your suggestion.

One, that you seem to be defining a new app for an
apparently unused but similar feature.  If it is only
a similar application, then we'd want to show that
there are no extant uses of the allocated 0x40 code,
etc, so that we don't end up with any confusion.

(It's relatively ok for implementations to be confused,
but the standard should not be...)

(I guess it would be fine to *document* the prior use
of the feature, from code.)

Secondly, even if you could show that the old number
was out of use, I'd still suggest formatting a new
application with new bits and bobs, new meanings,
and new text.  Unless we are running out of bits in
some obscure sense, I think it's better to leave old
uses to die, and allocate new codes to new purposes,
even if close.

Thirdly (as I mooted in a prior post) I think we should
be seriously considering putting the RFC process into
feature freeze.  So if there is anything *new* about
this, such as a meaning, or an app still to be written,
then I'd say the onus would be on the proposer to
carefully make the case that this should go forward.

E.g., once in feature freeze, we should switch attention
to chopping deprecated and other dead-wood out there, and
to fixing grammar and spelling and whatnot, and thinking
about how it is that the darn thing gets finished.

iang



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i3MBZ1qb062533; Thu, 22 Apr 2004 04:35:01 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i3MBZ1pv062532; Thu, 22 Apr 2004 04:35:01 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from zbasel.fortytwo.ch (zbasel.fortytwo.ch [212.254.206.135]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i3MBZ0LY062521 for <ietf-openpgp@imc.org>; Thu, 22 Apr 2004 04:35:00 -0700 (PDT) (envelope-from avbidder@fortytwo.ch)
Received: from pc-4514.ethz.ch (pc-4514.ethz.ch [129.132.57.72]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "pc-4514.ethz.ch", Issuer "fortytwo.ch CA certificate" (verified OK)) by zbasel.fortytwo.ch (Postfix) with ESMTP id B354026D for <ietf-openpgp@imc.org>; Thu, 22 Apr 2004 13:34:53 +0200 (CEST)
Received: by pc-4514.ethz.ch (Postfix, from userid 1000) id E907225DA05; Thu, 22 Apr 2004 13:34:52 +0200 (CEST)
From: "Adrian 'Dagurashibanipal' von Bidder" <avbidder@fortytwo.ch>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: "Yes, I can handle PGP/MIME"
Date: Thu, 22 Apr 2004 13:34:46 +0200
User-Agent: KMail/1.6.2
References: <20040415154656.GA9480@jabberwocky.com> <73802EB0-9247-11D8-AA50-000A9568596C@callas.org> <20040420151256.GB27514@jabberwocky.com>
In-Reply-To: <20040420151256.GB27514@jabberwocky.com>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: Text/Plain; charset="iso-8859-1"
Message-Id: <200404221334.52007@fortytwo.ch>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id i3MBZ1LY062527
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 20 April 2004 17.12, David Shaw wrote:
> I'll leave it to the folks advocating a notation solution to propose
> something for that ;)

My proposal would be to use the reserved '@'-less notation namespace, 
and establish a pseudo-hierarchy just for the case notations for other 
areas of application should ever be needed. The name of the notation 
would be 'email.mimeencoding', the value either 'rfc3156' or 
'clearsigned'. (I considered specifying rfc2440 instead, but I fear 
that's not clear enough as rfc3156-formatted email will still use 
rfc2440 technology...)

Also, the specification should IMHO state that the default for v4 keys 
without this notation should be to use what the user specifies 
explicitly, or make a guess based on other data (mail headers of the 
mail I'm replying to, features of the key of the recipient, whatever 
the MUA developers can think of), or use PGP/MIME in the absence of any 
such information.

This would have to go into an RFC (of its own - as stated, I don't think 
it should go into 2440++ since it is entirely application related), I 
guess, if this should become a standard.  I question, however, if there 
is any chance that this is ever going to get implemented - I guess the 
gnupg side would be easy enough (set it on key generation or selfsig 
generation), but I don't know about the MUA side (and I certainly won't 
spend any efforts there, even though I'd welcome the feature.)

One big drawback: all this is only useful when a key of the recipient is 
available. The situation I'm having a problem with is where the 
recipient does *not* have a public key at all, so all this won't solve 
that :-(

But the happy conclusion: this certainly should not affect further work 
on rfc2440++

greetings
- -- vbi

- -- 
The content of this message may or may not reflect the opinion of me, my
employer, my girlfriend, my cat or anybody else, regardless of the fact
whether such an employer, girlfriend, cat, or anybody else exists.  I
(or my employer, girlfriend, cat or whoever) disclaim any legal
obligations resulting from the above message.  You, as the reader of
this message, may or may not have the permission to redistribute this
message as a whole or in parts, verbatim or in modified form, or to
distribute any message at all.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: get my key from http://fortytwo.ch/gpg/92082481

-----END PGP SIGNATURE-----



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i3M8NQlj028429; Thu, 22 Apr 2004 01:23:26 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i3M8NQBV028428; Thu, 22 Apr 2004 01:23:26 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from branwen.iks-jena.de (root@branwen.iks-jena.de [217.17.192.90]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i3M8NO9x028386 for <ietf-openpgp@imc.org>; Thu, 22 Apr 2004 01:23:25 -0700 (PDT) (envelope-from news@branwen.iks-jena.de)
Received: from branwen.iks-jena.de (localhost [127.0.0.1]) by branwen.iks-jena.de (8.12.11/8.12.9) with ESMTP id i3M8NJRW017710 for <ietf-openpgp@imc.org>; Thu, 22 Apr 2004 10:23:19 +0200
Received: (from news@localhost) by branwen.iks-jena.de (8.12.11/8.12.1/Submit) id i3M8NJAJ017709 for ietf-openpgp@imc.org; Thu, 22 Apr 2004 10:23:19 +0200
To: ietf-openpgp@imc.org
Path: not-for-mail
From: Lutz Donnerhacke <lutz@iks-jena.de>
Newsgroups:  iks.lists.ietf-open-pgp
Subject:  Re: Whither the 0x40 timestamp signature?
Date: Thu, 22 Apr 2004 08:23:19 +0000 (UTC)
Organization:  IKS GmbH Jena
Lines: 50
Message-ID:  <slrnc8f07n.ot.lutz@taranis.iks-jena.de>
References:  <20040420151028.GA27514@jabberwocky.com>
NNTP-Posting-Host: taranis.iks-jena.de
X-Trace: branwen.iks-jena.de 1082622199 16832 217.17.192.37 (22 Apr 2004 08:23:19 GMT)
X-Complaints-To: usenet@iks-jena.de
NNTP-Posting-Date: Thu, 22 Apr 2004 08:23:19 +0000 (UTC)
User-Agent: slrn/0.9.8.0 (Linux)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

* David Shaw wrote:
> If the intent is that 0x40 is in fact a signature over a signature
> (and nothing else), then a simple fix is to change section 5.2.1,
> which currently says:
>
>     0x40: Timestamp signature.
>         This signature is only meaningful for the timestamp contained
> 	in it.
>
> Change to read:
>
>     0x40: Timestamp signature.
>         This signature is a signature over some other OpenPGP
> 	signature packet(s).  It is only meaningful for the timestamp
> 	contained in it.
>
> I'm not advocating that outcome.  I'm equally content to see it
> defined, marked for future use, or dropped.

I do have an application for this type of signature without providing the
full meaning of notary (0x50) signatures.

There is a full blown environment which requires timestamping at the user's end
without involving a real notary timestamping service. The German signature
law contains a protocol error in proving signatures of withdrawn keys. The
only sound solution requires an additional timestamp of every signature. The
law assumes that the sender is responsible for providing the timestamp.

A simple (non notary) timestamp to be included consists of two values:
  - name of the timestamping service
  - value of the timestamp

Those values can be included in three ways:
  a) Defining (one or two) notation data packets to optionally include such
     a timestamp in every signature packet.
  b) Defining a 0x40 signature as hashing the referred signature, and both
     fields.
  c) Defining a 0x40 signature as hashing the referred signature and include
     the notation data packets from version a.

Variant a seems the most interesting one. Variant c extends this variant to
the possibility of timestamping a signature later (by another person).

So I'd vote for defining a signature subpacket or two notation data
subpackets for providing (non notary) timestamping purposes, and defining
the 0x40 signature type as a hash over the whole signature subpacket
(followed by the normal signature process). It's recommended to include the
timestamp subpackets into every 0x40 signature.

Should I provide detailed description, or should we remove the whole part?
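Both Adrian's 'email.mimeencoding' proposal above and Lutz's variant (a) carry their data in notation data subpackets (RFC 2440 section 5.2.3.15, subpacket type 20), so an added example, not code from any poster, shows how such a subpacket is encoded, parsed, and checked for the IETF ('@'-less) namespace; the notation values and the two timestamp notation names ('timestamp.service', 'timestamp.time') are constructed here for illustration and are not on the list.

```python
# Added example: notation data subpackets as used by the two proposals above.
# Format (RFC 2440 5.2.3.15): 4 flag octets, 2-octet name length,
# 2-octet value length, name, value.  Subpacket framing (5.2.3.1): a
# length field, a type octet (bit 7 = critical), then the body.
import struct

NOTATION_DATA = 20       # signature subpacket type for notation data
HUMAN_READABLE = 0x80    # first flag octet: value is printable text


def _encode_len(n):
    """Subpacket length encoding from RFC 2440 section 5.2.3.1."""
    if n < 192:
        return bytes([n])
    if n < 16320:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)


def _decode_len(buf, pos):
    """Return (length, position of the type octet)."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 255:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5


def encode_notation(name, value, human_readable=True, critical=False):
    """Return one complete notation data subpacket (length, type, body)."""
    name_b = name.encode("utf-8")
    value_b = value.encode("utf-8") if isinstance(value, str) else bytes(value)
    flags = bytes([HUMAN_READABLE if human_readable else 0, 0, 0, 0])
    body = flags + struct.pack(">HH", len(name_b), len(value_b)) + name_b + value_b
    ptype = NOTATION_DATA | (0x80 if critical else 0)
    return _encode_len(len(body) + 1) + bytes([ptype]) + body


def iter_subpackets(area):
    """Yield (type, critical, body) for every subpacket in a subpacket area."""
    pos = 0
    while pos < len(area):
        length, pos = _decode_len(area, pos)
        if length == 0 or pos + length > len(area):
            raise ValueError("truncated or zero-length subpacket")
        ptype = area[pos]
        yield ptype & 0x7F, bool(ptype & 0x80), area[pos + 1:pos + length]
        pos += length


def decode_notation(body):
    """Parse a notation body; the value is text only when flagged human-readable."""
    if len(body) < 8:
        raise ValueError("notation body too short")
    name_len, value_len = struct.unpack(">HH", body[4:8])
    if 8 + name_len + value_len != len(body):
        raise ValueError("notation lengths do not match body size")
    human = bool(body[0] & HUMAN_READABLE)
    name = body[8:8 + name_len].decode("utf-8")
    raw = body[8 + name_len:]
    return {"name": name, "human_readable": human,
            "value": raw.decode("utf-8") if human else raw}


def in_ietf_namespace(name):
    """Names without '@' are IETF-reserved; user names look like 'tag@domain'."""
    return "@" not in name


def mime_preference(area):
    """Adrian's rule: 'rfc3156' or 'clearsigned' if a valid notation is present,
    else None so the MUA falls back to its own setting or heuristics."""
    for ptype, _critical, body in iter_subpackets(area):
        if ptype != NOTATION_DATA:
            continue
        n = decode_notation(body)
        if (n["name"] == "email.mimeencoding" and in_ietf_namespace(n["name"])
                and n["human_readable"] and n["value"] in ("rfc3156", "clearsigned")):
            return n["value"]
    return None


def build_sample_area():
    """Constructed hashed-subpacket area: the MIME preference plus Lutz's two
    timestamp values under hypothetical IETF-namespace names."""
    return (encode_notation("email.mimeencoding", "rfc3156")
            + encode_notation("timestamp.service", "ts.example.net")
            + encode_notation("timestamp.time", "2004-04-22T08:23:19Z"))


if __name__ == "__main__":
    area = build_sample_area()
    for ptype, critical, body in iter_subpackets(area):
        print(ptype, critical, decode_notation(body))
    print("MIME preference:", mime_preference(area))
```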



Date: Wed, 21 Apr 2004 19:32:00 -0700 (PDT)
From: Len Sassaman <rabbi@abditum.com>
X-X-Sender: rabbi@thetis.deor.org
To: Jon Callas <jon@callas.org>
Cc: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: "Yes, I can handle PGP/MIME"
In-Reply-To: <73802EB0-9247-11D8-AA50-000A9568596C@callas.org>
Message-ID: <Pine.LNX.4.58.0404211928030.14715@thetis.deor.org>
References: <20040415154656.GA9480@jabberwocky.com> <200404161525.30889@fortytwo.ch> <407FF745.9000302@systemics.com> <200404190957.19325@fortytwo.ch> <73802EB0-9247-11D8-AA50-000A9568596C@callas.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Mon, 19 Apr 2004, Jon Callas wrote:

>
> I'm considering this to be so controversial that there is no consensus
> for it, and what bits of consensus there are lean away from it.

My reading of the thread is that there is consensus that overloading the
preferred key server packet is the incorrect way to denote PGP/MIME
capabilities.

There also appears to be consensus that we do need some way of indicating
PGP/MIME capability.

I advocate the use of the notation data packet for this purpose, but I
would be perfectly happy if David's suggestions were implemented instead,
and a new subpacket created to handle the issue.

Either approach is valid, and I don't think anyone would criticize you for
picking either.

I do think this issue needs to be addressed decisively in the document,
though, and I encourage you to pick one of the two options above.


--Len.



Mime-Version: 1.0 (Apple Message framework v613)
In-Reply-To: <20040420151028.GA27514@jabberwocky.com>
References: <20040420004920.GH29690@jabberwocky.com> <E40407A0-9281-11D8-AA50-000A9568596C@callas.org> <20040420151028.GA27514@jabberwocky.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <7BD31B2B-93CF-11D8-AC79-000A9568596C@callas.org>
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: Whither the 0x40 timestamp signature?
Date: Wed, 21 Apr 2004 13:07:15 -0700
To: OpenPGP <ietf-openpgp@imc.org>
X-Mailer: Apple Mail (2.613)

It's really easy to remove this. Ian has a good reason to remove it. 
I'll take Ian and David proposing removing it, as 0x50 has more 
function and is better defined. Does anyone object strongly? Anyone, 
anyone?

	Jon



Date: Tue, 20 Apr 2004 11:12:56 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: "Yes, I can handle PGP/MIME"
Message-ID: <20040420151256.GB27514@jabberwocky.com>
Mail-Followup-To: OpenPGP <ietf-openpgp@imc.org>
References: <20040415154656.GA9480@jabberwocky.com> <200404161525.30889@fortytwo.ch> <407FF745.9000302@systemics.com> <200404190957.19325@fortytwo.ch> <73802EB0-9247-11D8-AA50-000A9568596C@callas.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <73802EB0-9247-11D8-AA50-000A9568596C@callas.org>
X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
X-Request-PGP: http://www.jabberwocky.com/david/keys.asc
X-Phase-Of-Moon: The Moon is Waxing Crescent (1% of Full)
User-Agent: Mutt/1.5.6i

On Mon, Apr 19, 2004 at 02:20:58PM -0700, Jon Callas wrote:
> 
> I'm considering this to be so controversial that there is no consensus 
> for it, and what bits of consensus there are lean away from it.

I think there is consensus that such a flag should not be set in the
"features" subpacket.  There seemed to be at least some consensus that
such a flag would be better placed in a "notation" subpacket.

I'll leave it to the folks advocating a notation solution to propose
something for that ;)

David



Date: Tue, 20 Apr 2004 11:10:28 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: Jon Callas <jon@callas.org>
Cc: ietf-openpgp@imc.org
Subject: Re: Whither the 0x40 timestamp signature?
Message-ID: <20040420151028.GA27514@jabberwocky.com>
Mail-Followup-To: Jon Callas <jon@callas.org>, ietf-openpgp@imc.org
References: <20040420004920.GH29690@jabberwocky.com> <E40407A0-9281-11D8-AA50-000A9568596C@callas.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <E40407A0-9281-11D8-AA50-000A9568596C@callas.org>
X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
X-Request-PGP: http://www.jabberwocky.com/david/keys.asc
X-Phase-Of-Moon: The Moon is New
User-Agent: Mutt/1.5.6i

On Mon, Apr 19, 2004 at 09:19:18PM -0700, Jon Callas wrote:
> >I'm not necessarily requesting that 0x40 be fleshed out and clarified:
> >I'd be just as content to see it dropped.  If, as I assume, the 0x40
> >is just the same as the 0x50 with a different (human) interpretation,
> >then perhaps we should just drop it.  If people want to assign human
> >interpretations to their signatures, let them use notations.
> >
> 
> As I remember, it stays there for the same reason that some other 
> seldom-to-never-used
> signature types are there: for backwards compatibility with their never 
> being used. They are there for the same reason there is old stuff in my 
> garage -- we hope to use it someday.
> 
> I'm not sure spring cleaning is warranted, but it's easy enough, if 
> people think so.

I'm not sure about spring cleaning, either.  Underspecified parts of
the standard trouble me, however.  They can't be implemented, and they
aren't marked "for future use" either.

The 0x40 signature was mentioned in 1991 as a signature over a
signature, but no information was given on how to actually make one.
2440 redefined the 0x40 as a "timestamp signature", but still no
information was given on how to make one, and it was no longer stated
to be a signature over a signature.

The 2440bis drafts add a little hint in that 0x40 gets a signature
target, which only makes sense if 0x40 has a signature as at least
part of its input.

I'll defer to the feeling of the WG on whether to drop or not.
However, if we are going to keep 0x40 in the standard, we should at least
say how to make one or explicitly mark it for future use.

If the intent is that 0x40 is in fact a signature over a signature
(and nothing else), then a simple fix is to change section 5.2.1,
which currently says:

    0x40: Timestamp signature.
        This signature is only meaningful for the timestamp contained
        in it.

Change to read:

    0x40: Timestamp signature.
        This signature is a signature over some other OpenPGP
        signature packet(s).  It is only meaningful for the timestamp
        contained in it.

I'm not advocating that outcome.  I'm equally content to see it
defined, marked for future use, or dropped.

David



Message-ID: <40850F74.1060700@systemics.com>
Date: Tue, 20 Apr 2004 07:54:28 -0400
From: Ian Grigg <iang@systemics.com>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6b) Gecko/20040113 Thunderbird/0.4
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
CC: Jon Callas <jon@callas.org>, David Shaw <dshaw@jabberwocky.com>
Subject: Re: Whither the 0x40 timestamp signature?
References: <20040420004920.GH29690@jabberwocky.com> <E40407A0-9281-11D8-AA50-000A9568596C@callas.org>
In-Reply-To: <E40407A0-9281-11D8-AA50-000A9568596C@callas.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Jon Callas wrote:
> 
>> I'm not necessarily requesting that 0x40 be fleshed out and clarified:
>> I'd be just as content to see it dropped.  If, as I assume, the 0x40
>> is just the same as the 0x50 with a different (human) interpretation,
>> then perhaps we should just drop it.  If people want to assign human
>> interpretations to their signatures, let them use notations.
>>
> 
> As I remember, it stays there for the same reason that some other 
> seldom-to-never-used
> signature types are there: for backwards compatibility with their never 
> being used. They are there for the same reason there is old stuff in my 
> garage -- we hope to use it someday.
> 
> I'm not sure spring cleaning is warranted, but it's easy enough, if 
> people think so.


If it can be marked with a SHOULD NOT use / deprecated
then that would be good.  More spring cleaning is better.
OpenPGP's incessant algorithmic messiness slows its migration.

(A general comment, not specific.  For clarification, I
have no clue as to the particular number.)

iang



In-Reply-To: <20040420004920.GH29690@jabberwocky.com>
References: <20040420004920.GH29690@jabberwocky.com>
Mime-Version: 1.0 (Apple Message framework v613)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <E40407A0-9281-11D8-AA50-000A9568596C@callas.org>
Content-Transfer-Encoding: 7bit
Cc: ietf-openpgp@imc.org
From: Jon Callas <jon@callas.org>
Subject: Re: Whither the 0x40 timestamp signature?
Date: Mon, 19 Apr 2004 21:19:18 -0700
To: David Shaw <dshaw@jabberwocky.com>
X-Mailer: Apple Mail (2.613)

> I'm not necessarily requesting that 0x40 be fleshed out and clarified:
> I'd be just as content to see it dropped.  If, as I assume, the 0x40
> is just the same as the 0x50 with a different (human) interpretation,
> then perhaps we should just drop it.  If people want to assign human
> interpretations to their signatures, let them use notations.
>

As I remember, it stays there for the same reason that some other 
seldom-to-never-used
signature types are there: for backwards compatibility with their never 
being used. They are there for the same reason there is old stuff in my 
garage -- we hope to use it someday.

I'm not sure spring cleaning is warranted, but it's easy enough, if 
people think so.

	Jon



Date: Mon, 19 Apr 2004 20:49:20 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Whither the 0x40 timestamp signature?
Message-ID: <20040420004920.GH29690@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
X-Request-PGP: http://www.jabberwocky.com/david/keys.asc
X-Phase-Of-Moon: The Moon is Waning Crescent (1% of Full)
User-Agent: Mutt/1.5.6i

When we defined the 0x50 notary signature, the old 0x40 from 1991 was
the inspiration for it.  0x40 was defined in 1991 as more or less what
the 0x50 sig is defined for today.  Now we have both the 0x40 and
0x50, and the 0x40 seems rather underdefined to me.

For starters, there are no hashing rules specified for it, so how do
you make one?  Since both the 0x40 and 0x50 get a target subpacket,
one could infer that they are similar, but there is nothing concrete.

I'm not necessarily requesting that 0x40 be fleshed out and clarified:
I'd be just as content to see it dropped.  If, as I assume, the 0x40
is just the same as the 0x50 with a different (human) interpretation,
then perhaps we should just drop it.  If people want to assign human
interpretations to their signatures, let them use notations.

David



Mime-Version: 1.0 (Apple Message framework v613)
In-Reply-To: <200404190957.19325@fortytwo.ch>
References: <20040415154656.GA9480@jabberwocky.com> <200404161525.30889@fortytwo.ch> <407FF745.9000302@systemics.com> <200404190957.19325@fortytwo.ch>
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <73802EB0-9247-11D8-AA50-000A9568596C@callas.org>
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: "Yes, I can handle PGP/MIME"
Date: Mon, 19 Apr 2004 14:20:58 -0700
To: OpenPGP <ietf-openpgp@imc.org>
X-Mailer: Apple Mail (2.613)

I'm considering this to be so controversial that there is no consensus 
for it, and what bits of consensus there are lean away from it.

	Jon



From: "Adrian 'Dagurashibanipal' von Bidder" <avbidder@fortytwo.ch>
To: ietf-openpgp@imc.org
Subject: Re: "Yes, I can handle PGP/MIME"
Date: Mon, 19 Apr 2004 10:01:42 +0200
User-Agent: KMail/1.6.1
References: <20040415154656.GA9480@jabberwocky.com> <20040416145228.GA24809@jabberwocky.com> <407FFFEA.7020301@smgwtest.aachen.utimaco.de>
In-Reply-To: <407FFFEA.7020301@smgwtest.aachen.utimaco.de>
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Boundary-02=_md4gAyUtQZ+KDKp"; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <200404191001.42831@fortytwo.ch>

On Friday 16 April 2004 17.46, Holger Sesterhenn wrote:

> Well, as soon as someone contributes a PGP/MIME capable plugin for a
> specific mail client from a very specific company I am willing to say
> that PGP/MIME might have a chance becoming a new standard (*).

Won't solve the problem for those who like to sign their mail per
default - the problem is not people who are aware of OpenPGP (those
usually know the PGP/MIME problem when they use MSOE, which in my
experience is quite rare anyway.) The problem is people who do not know
anything and do not care about OpenPGP (or any other form of email
protection.) They won't be ready (or able) to install something on
their machine to be able to read my mail.

cheers
-- vbi


-- 
Conquest is easy. Control is not.
		-- Kirk, "Mirror, Mirror", stardate unknown




From: "Adrian 'Dagurashibanipal' von Bidder" <avbidder@fortytwo.ch>
To: ietf-openpgp@imc.org
Subject: Re: "Yes, I can handle PGP/MIME"
Date: Mon, 19 Apr 2004 09:57:19 +0200
User-Agent: KMail/1.6.1
References: <20040415154656.GA9480@jabberwocky.com> <200404161525.30889@fortytwo.ch> <407FF745.9000302@systemics.com>
In-Reply-To: <407FF745.9000302@systemics.com>
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Boundary-02=_fZ4gAZtljhBcduX"; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <200404190957.19325@fortytwo.ch>

On Friday 16 April 2004 17.09, you wrote:
> Adrian 'Dagurashibanipal' von Bidder wrote:
> >>Why can't you invent a convention that adjusts the
> >>userid to include an OpenPGP/MIME hint?
> >
> > Ugh. And then I'm forced to change the userid when I change my
> > mailer, and lose all signatures on the userid that I've collected
> > so far? I think embedding this info in the selfsig is the way to
> > go[...]

> Well, right.  All that above has to be balanced
> against the fact that email is a user application,
> and it's not good to pollute OpenPGP with special
> hacks and bits.

Yep, fully agree. Perhaps you've not read my first mail in this thread:
I feel this bit to be unnecessary, IMHO notation data was invented
exactly for cases like this.

cheers
-- vbi

-- 
P'tang!




Message-ID: <407FFFEA.7020301@smgwtest.aachen.utimaco.de>
Date: Fri, 16 Apr 2004 17:46:50 +0200
From: Holger Sesterhenn <Holger.Sesterhenn@smgwtest.aachen.utimaco.de>
Organization: Utimaco Safeware AG, NL Aachen
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030821
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
Subject: Re: "Yes, I can handle PGP/MIME" 
References: <20040415154656.GA9480@jabberwocky.com> <E23283E2-8F87-11D8-821A-000393D54CCC@cyphers.net> <20040416145228.GA24809@jabberwocky.com>
In-Reply-To: <20040416145228.GA24809@jabberwocky.com>
X-Enigmail-Version: 0.76.7.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

> Note that I am not arguing against using PGP/MIME.  I use it whenever
> I can, and I honestly believe it is the way to go.  Unfortunately, not
> everyone is able to use it.  Since I do not foresee this situation
> changing anytime soon - I've waited 8 years now - a features flag or
> notation is a simple indicator of the mail preference of the
> keyholder.

Well, as soon as someone contributes a PGP/MIME capable plugin for a
specific mail client from a very specific company I am willing to say
that PGP/MIME might have a chance becoming a new standard (*).

In the meanwhile we should not use a rarely spread flag indicating the
use of keyservers to say "hey, I like PGP/MIME". I don't like hacks anymore.

Using a notation sounds ok for me.

Best Regards,

Holger Sesterhenn
---
Internet   http://www.utimaco.com

(*) Yes, Enigmail for Outlook or Outlook Express would be great!



Message-ID: <407FF745.9000302@systemics.com>
Date: Fri, 16 Apr 2004 11:09:57 -0400
From: Ian Grigg <iang@systemics.com>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6b) Gecko/20040113 Thunderbird/0.4
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
Subject: Re: "Yes, I can handle PGP/MIME"
References: <20040415154656.GA9480@jabberwocky.com> <200404161208.50370@fortytwo.ch> <407FD5CD.6010205@systemics.com> <200404161525.30889@fortytwo.ch>
In-Reply-To: <200404161525.30889@fortytwo.ch>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Adrian 'Dagurashibanipal' von Bidder wrote:

>>Why can't you invent a convention that adjusts the
>>userid to include an OpenPGP/MIME hint?
> 
> 
> Ugh. And then I'm forced to change the userid when I change my mailer, 
> and lose all signatures on the userid that I've collected so far? I 
> think embedding this info in the selfsig is the way to go - I can 
> replace that and if the software is clever enough to silently ignore 
> all but the newest selfsig, all users won't even notice that the 
> underlying technology doesn't allow you to change your key, but only to 
> add to it. I still think that this is a perfect example where notations 
> would be the solution.


Well, right.  All that above has to be balanced
against the fact that email is a user application,
and it's not good to pollute OpenPGP with special
hacks and bits.  (I'm not wedded to my above
suggestion, it's more in the vein of searching
for alternates.  And there seem to be plenty of
bits available for this sort of use...)

If the choice were between adding a bit as per the
original thread suggestion by David, and overloading
another bit already utilised, as a "version" indicator,
(the "preferred keyserver attribute" ?) then I'd
definitely plump for the former - define a special
bit:

   0x02 - Recipient is capable of handling OpenPGP/MIME (RFC-3156).

(etc.)  I think David's original post still rules.

As a standard, it's good to keep an eye on
compatibility amongst implementations, but
overloading should be discouraged.  There's
no reason why future implementations couldn't
adopt that bit, even if they used some
overloaded bit in the past/absence.

iang

PS:  at what point do we go for feature freeze?
How long does this process of minor additions
go on for?  Derek, what is the process to get
this thing signed off and passed into law?



Date: Fri, 16 Apr 2004 10:56:52 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: "Yes, I can handle PGP/MIME"
Message-ID: <20040416145652.GB24809@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <20040415154656.GA9480@jabberwocky.com> <200404160952.04791@fortytwo.ch>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200404160952.04791@fortytwo.ch>
X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
X-Request-PGP: http://www.jabberwocky.com/david/keys.asc
X-Phase-Of-Moon: The Moon is Waning Crescent (9% of Full)
User-Agent: Mutt/1.5.6i

On Fri, Apr 16, 2004 at 09:52:03AM +0200, Adrian 'Dagurashibanipal' von Bidder wrote:
> 
> On Thursday 15 April 2004 17.46, David Shaw wrote:
> 
> > Given all that, would there be some benefit in a standard way for a
> > user to advertise that he can handle PGP/MIME?  Specifically, a
> > "features" subpacket bit to say "I can handle PGP/MIME".
> 
> Since this is completely unrelated to OpenPGP itself, isn't this a good 
> case for a notation packet on the selfsig? The big advantage is that 
> this could be specified in the proper document - the one specifying 
> PGP/MIME (well, when it is revised the next time), or in a document 
> updating rfc3156.
> 
> I feel it is bad design to bloat the OpenPGP spec with application 
> specific things like this (even when email is the dominant application 
> of OpenPGP at this time.)
> 
> Notation 'pgp-mime=accept' or 'rfc3156=accept' or 'email=rfc3156' or ... 
> (Hmmm. I like the latter - perhaps there will be other options on how 
> email should be formatted etc., and it would allow 'email=clearsigned' 
> if somebody wants to explicitly discourage PGP/MIME usage.)

I have no objections to this, though a more complex encoding of
PGP/MIME desires (aside from yes or no) may be overkill for the
problem at hand.

David



Date: Fri, 16 Apr 2004 10:52:28 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: "Yes, I can handle PGP/MIME"
Message-ID: <20040416145228.GA24809@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <20040415154656.GA9480@jabberwocky.com> <E23283E2-8F87-11D8-821A-000393D54CCC@cyphers.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <E23283E2-8F87-11D8-821A-000393D54CCC@cyphers.net>
X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
X-Request-PGP: http://www.jabberwocky.com/david/keys.asc
X-Phase-Of-Moon: The Moon is Waning Crescent (9% of Full)
User-Agent: Mutt/1.5.6i

While I was aware of PGP's already deployed double meaning for the
"preferred keyserver" field (being both a preferred keyserver and "use
PGP/MIME" flag), I did not want my proposal to be interpreted as an
indictment of that method and so did not discuss it.  A desire to
avoid conflict with that already deployed method is why there is an
entire paragraph of bending backwards in my proposal to insist that
programs can use any heuristics they want to determine PGP/MIME usage.
PGP would be completely compliant even if it ignored the proposed flag
altogether.

Nevertheless, some comments:

On Fri, Apr 16, 2004 at 02:24:38AM -0700, Will Price wrote:

> Thus, we would have no use for such a flag (if you had posted your 
> message two years ago, that would be a different answer). I don't 
> anticipate any major email scenarios in the future which will not 
> support at least the decoding of PGP/MIME. PGP products either do now 
> or will use this flag in the way indicated above. Since most GPG front 
> ends already require PGP/MIME and often set this flag on keys, the 
> waters are already moving in the proper direction.

Unfortunately, this is not true.  No version of GnuPG sets the
"preferred keyserver" flag on keys.  It is a feature scheduled for
1.4, but only exists on my laptop at this moment.

> While this was a bit of a hack, the facts on keys in the field match 
> the usage of the attribute and all signs point to that continuing. I 
> believe over the next two years we will find that the remaining 
> deployed population unable to decode PGP/MIME will have dwindled to 
> insignificant levels.

I believed that as well, back in 1996.  I believed it again in 1998,
and so on. ;)  Here we are in 2004, and I still can't send PGP/MIME to
many correspondents.

As recently as two years ago, I sent PGP/MIME mail to Philip
Zimmermann.  He was unable to read it.

Note that I am not arguing against using PGP/MIME.  I use it whenever
I can, and I honestly believe it is the way to go.  Unfortunately, not
everyone is able to use it.  Since I do not foresee this situation
changing anytime soon - I've waited 8 years now - a features flag or
notation is a simple indicator of the mail preference of the
keyholder.

David



From: "Adrian 'Dagurashibanipal' von Bidder" <avbidder@fortytwo.ch>
To: ietf-openpgp@imc.org
Subject: Re: "Yes, I can handle PGP/MIME"
Date: Fri, 16 Apr 2004 15:25:29 +0200
User-Agent: KMail/1.6.1
References: <20040415154656.GA9480@jabberwocky.com> <200404161208.50370@fortytwo.ch> <407FD5CD.6010205@systemics.com>
In-Reply-To: <407FD5CD.6010205@systemics.com>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: Text/Plain; charset="iso-8859-1"
Message-Id: <200404161525.30889@fortytwo.ch>
Content-Transfer-Encoding: 8bit


[no cc:s, please]

On Friday 16 April 2004 14.47, Ian Grigg wrote:

> Why can't you invent a convention that adjusts the
> userid to include an OpenPGP/MIME hint?

Ugh. And then I'm forced to change the userid when I change my mailer, 
and lose all signatures on the userid that I've collected so far? I 
think embedding this info in the selfsig is the way to go - I can 
replace that and if the software is clever enough to silently ignore 
all but the newest selfsig, all users won't even notice that the 
underlying technology doesn't allow you to change your key, but only to 
add to it. I still think that this is a perfect example where notations 
would be the solution.

cheers
-- vbi

-- 
featured product: Debian GNU/Linux - http://debian.org



Message-ID: <407FD5CD.6010205@systemics.com>
Date: Fri, 16 Apr 2004 08:47:09 -0400
From: Ian Grigg <iang@systemics.com>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6b) Gecko/20040113 Thunderbird/0.4
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
CC: "Adrian 'Dagurashibanipal' von Bidder" <avbidder@fortytwo.ch>
Subject: Re: "Yes, I can handle PGP/MIME"
References: <20040415154656.GA9480@jabberwocky.com> <E23283E2-8F87-11D8-821A-000393D54CCC@cyphers.net> <200404161208.50370@fortytwo.ch>
In-Reply-To: <200404161208.50370@fortytwo.ch>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Adrian 'Dagurashibanipal' von Bidder wrote:

>  - some people are not able to or do not want to use PGP/MIME for 
> whatever reason
>  - PGP/MIME might be replaced by yet another standard in the future.


To add to that,

   - email itself is being overtaken by IM.

I read somewhere (can't recall where) that the IM
traffic already exceeds that of email.  Thinking
in terms of "OpenPGP is for email" is akin to saying
"dinosaurs rule the earth" ... it's only true for so
long.


> I think, since userid are quite tightly bound to email addresses, that a 
> way to tell the sender how the key owner expects to receive digitally 
> signed/encrypted email is something that would solve an actual problem.


Why can't you invent a convention that adjusts the
userid to include an OpenPGP/MIME hint?  It could be
some small char like *, or some longer string:

    Ian Grigg <iang@systemics.com>   *
    Iang <iang@iang.org>   MIME++"
    <i@iang.org>   I'm a lover of OpenPGP/MIME

This is what we did in our use of OpenPGP for a
different application:

    Ian Grigg [certification] (dss2) <issuer@iang.org>

The application goes searching for words in square
brackets.  If you wanted to use the same convention,
then, add in [MIME] to each userid.


iang



Date: Fri, 16 Apr 2004 03:22:37 -0700 (PDT)
From: Len Sassaman <rabbi@abditum.com>
X-X-Sender: rabbi@thetis.deor.org
To: Will Price <wprice@cyphers.net>
Cc: ietf-openpgp@imc.org
Subject: Re: "Yes, I can handle PGP/MIME"
In-Reply-To: <E23283E2-8F87-11D8-821A-000393D54CCC@cyphers.net>
Message-ID: <Pine.LNX.4.58.0404160312210.3533@thetis.deor.org>
References: <20040415154656.GA9480@jabberwocky.com> <E23283E2-8F87-11D8-821A-000393D54CCC@cyphers.net>
X-AIM: Elom777
X-icq: 10735603
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Fri, 16 Apr 2004, Will Price wrote:

> In the absence of a definitive non-advisory flag, we solved this
> problem over a year ago, and the solution is now deployed in many
> versions of shipping products. Since PGP products never (before PGP

For the record, I believe this "solution" to be ill-advised. Implementing
such hacks without discussion in this group will result in continued
compatibility issues between OpenPGP implementations.

I informed the product manager of PGP Universal of this error before the
product originally shipped, but was told it was too late to change tactics
at that point. Nevertheless, I still believe that the "preferred
keyserver" packet should indicate preferred keyservers, and that
MIME-encoding preferences should be indicated elsewhere.

Your solution is a hack, and an unnecessary one, since there is an elegant
means of expressing such information already built into OpenPGP -- the
notation data packet. I hope this is corrected in future releases of PGP
Universal.



--Len.



From: "Adrian 'Dagurashibanipal' von Bidder" <avbidder@fortytwo.ch>
To: ietf-openpgp@imc.org
Subject: Re: "Yes, I can handle PGP/MIME"
Date: Fri, 16 Apr 2004 12:08:45 +0200
User-Agent: KMail/1.6.1
References: <20040415154656.GA9480@jabberwocky.com> <E23283E2-8F87-11D8-821A-000393D54CCC@cyphers.net>
In-Reply-To: <E23283E2-8F87-11D8-821A-000393D54CCC@cyphers.net>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: Text/Plain; charset="iso-8859-1"
Message-Id: <200404161208.50370@fortytwo.ch>
Content-Transfer-Encoding: 8bit


On Friday 16 April 2004 11.24, Will Price wrote:
[...]
> Email formats are becoming ever more complex. PGP/MIME is the only
> standard solution on the table.
[...] 

 - some people are not able to or do not want to use PGP/MIME for 
whatever reason
 - PGP/MIME might be replaced by yet another standard in the future.

I think, since userids are quite tightly bound to email addresses, that a 
way to tell the sender how the key owner expects to receive digitally 
signed/encrypted email is something that would solve an actual problem.

Remember, rfc1847 is now almost 10 years old, and rfc2015[*] is 8 years 
old, and still the dominant email client fails horribly on such 
messages, and still inline signed email is widely in use (you said that 
not many PGP products until recently supported PGP/MIME.) So I think 
being friendly to users of legacy solutions is one lesson one should 
have learned by now in the IT world.

greetings
-- vbi


[*] yes, I know the current standard is 3156, but I think the 
differences do not matter for mailers *not* supporting that standard. 
In case the MIME rfcs are unclear on what to do with 
multipart/<unknown> messages, rfc1847 should be enough for people to be 
aware of the existence of such messages.
-- 
featured link: http://fortytwo.ch/gpg/intro



Mime-Version: 1.0 (Apple Message framework v613)
In-Reply-To: <20040415154656.GA9480@jabberwocky.com>
References: <20040415154656.GA9480@jabberwocky.com>
Message-Id: <E23283E2-8F87-11D8-821A-000393D54CCC@cyphers.net>
From: Will Price <wprice@cyphers.net>
Subject: Re: "Yes, I can handle PGP/MIME"
Date: Fri, 16 Apr 2004 02:24:38 -0700
To: ietf-openpgp@imc.org
X-Mailer: Apple Mail (2.613)
Content-Type: text/plain; format=flowed; charset="us-ascii"
Content-Transfer-Encoding: 7bit


In the absence of a definitive non-advisory flag, we solved this 
problem over a year ago, and the solution is now deployed in many 
versions of shipping products. Since PGP products never (before PGP 
Universal) generated the preferred keyserver attribute on keys, we 
consider PGP/MIME to be a preferred encoding format if the recipient 
key has this flag. If the flag does not appear, we use Legacy encoding 
(to be distinguished from the simplistic "inline" encoding concept as 
real scenarios such as sending HTML, RTF, encoded multiparts, and 
attachments properly in a method compatible with legacy products 
requires far more work when not using PGP/MIME than simply encrypting a 
block of "inline" plaintext).

Given that most PGP products before PGP Universal did not support 
PGP/MIME, and the only extant keys with said flag were some GPG keys, 
and most GPG front ends both require and only support PGP/MIME, it was 
a logical choice which has worked out well.

Thus, we would have no use for such a flag (if you had posted your 
message two years ago, that would be a different answer). I don't 
anticipate any major email scenarios in the future which will not 
support at least the decoding of PGP/MIME. PGP products either do now 
or will use this flag in the way indicated above. Since most GPG front 
ends already require PGP/MIME and often set this flag on keys, the 
waters are already moving in the proper direction.

Email formats are becoming ever more complex. PGP/MIME is the only 
standard solution on the table. Legacy encoding methods can be created 
to encapsulate MIME in a non-PGP/MIME way for maximum backwards 
compatibility as we have done with PGP Universal, but the complexity of 
creating an actual standard around such methods far exceeds the 
complexity of filling in the last few pieces in the transition to 
PGP/MIME.

The illusion here is that there is an alternative to PGP/MIME. That 
illusion is rapidly dispelled after careful analysis of all the kinds 
of email from every mailer and every mail system are thrown into the 
pot and we try to figure out how to encode them all without PGP/MIME. 
It is relatively hopeless to have 100% accuracy like PGP/MIME. Should 
legacy formats still be used in some cases and possibly even for 
decades to come?  Quite likely. There are some simple text/plain 
scenarios where using PGP/MIME just isn't worth the possibility of a 
compatibility issue. The reality is that the vast majority of email no 
longer falls into that category.

While this was a bit of a hack, the facts on keys in the field match 
the usage of the attribute and all signs point to that continuing. I 
believe over the next two years we will find that the remaining 
deployed population unable to decode PGP/MIME will have dwindled to 
insignificant levels. Meanwhile, anything we discussed here right now 
would not have any measurable deployment until likely 2005. Thus, I 
would suggest that if you find yourself needing such a flag, adopting 
the same method would be the most advisable and simplest solution which 
has the advantage of already being deployed.


On Apr 15, 2004, at 8:46 AM, David Shaw wrote:
> Given all that, would there be some benefit in a standard way for a
> user to advertise that he can handle PGP/MIME?  Specifically, a
> "features" subpacket bit to say "I can handle PGP/MIME".


--
Will Price, VP Engineering
PGP Corporation





From: "Adrian 'Dagurashibanipal' von Bidder" <avbidder@fortytwo.ch>
To: ietf-openpgp@imc.org
Subject: Re: "Yes, I can handle PGP/MIME"
Date: Fri, 16 Apr 2004 09:52:03 +0200
User-Agent: KMail/1.6.1
References: <20040415154656.GA9480@jabberwocky.com>
In-Reply-To: <20040415154656.GA9480@jabberwocky.com>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: Text/Plain; charset="iso-8859-1"
Message-Id: <200404160952.04791@fortytwo.ch>
Content-Transfer-Encoding: 8bit


On Thursday 15 April 2004 17.46, David Shaw wrote:

> Given all that, would there be some benefit in a standard way for a
> user to advertise that he can handle PGP/MIME?  Specifically, a
> "features" subpacket bit to say "I can handle PGP/MIME".

Since this is completely unrelated to OpenPGP itself, isn't this a good 
case for a notation packet on the selfsig? The big advantage is that 
this could be specified in the proper document - the one specifying 
PGP/MIME (well, when it is revised the next time), or in a document 
updating rfc3156.

I feel it is bad design to bloat the OpenPGP spec with application 
specific things like this (even when email is the dominant application 
of OpenPGP at this time.)

Notation 'pgp-mime=accept' or 'rfc3156=accept' or 'email=rfc3156' or ... 
(Hmmm. I like the latter - perhaps there will be other options on how 
email should be formatted etc., and it would allow 'email=clearsigned' 
if somebody wants to explicitly discourage PGP/MIME usage.)

greetings
-- vbi

-- 
featured link: http://fortytwo.ch/gpg/subkeys
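As an added example (not code from any poster, from GnuPG or from PGP Corporation), here is how a sending client could read the two signals proposed in this thread out of a self-signature's subpacket area: the 'email=rfc3156' / 'email=clearsigned' notation Adrian proposes above, and the features bit 0x02 Ian Grigg suggests earlier in the archive. The subpacket wire format follows RFC 2440 section 5.2.3; the 'email' notation name and the 0x02 features bit are the thread's proposals, assumed here rather than registered values, and the preferred-keyserver overload PGP Universal describes is parsed but deliberately not treated as a mail-format signal.

```python
"""Reading a PGP/MIME preference from OpenPGP self-signature subpackets.

Added example for this thread; the wire format is RFC 2440 section 5.2.3.
Hypothetical values: notation name 'email' and features bit 0x02.
"""
import struct

# Subpacket type numbers from RFC 2440, section 5.2.3.1
NOTATION_DATA = 20
PREFERRED_KEY_SERVER = 24
FEATURES = 30

NOTATION_HUMAN_READABLE = 0x80000000
FEATURE_MDC = 0x01        # the only features bit RFC 2440 assigns
FEATURE_PGP_MIME = 0x02   # hypothetical: the bit proposed in this thread


def _encode_length(n: int) -> bytes:
    """Subpacket length encoding (RFC 2440 5.2.3.1): 1, 2 or 5 octets."""
    if n < 192:
        return bytes([n])
    if n < 8384:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)


def encode_subpacket(sptype: int, body: bytes, critical: bool = False) -> bytes:
    """Length covers the type octet plus the body; bit 7 of the type is critical."""
    tag = sptype | (0x80 if critical else 0)
    return _encode_length(len(body) + 1) + bytes([tag]) + body


def encode_notation(name: str, value: str) -> bytes:
    """Notation data: 4 flag octets, 2-octet name length, 2-octet value
    length, then the name and value octets."""
    n, v = name.encode(), value.encode()
    body = struct.pack(">IHH", NOTATION_HUMAN_READABLE, len(n), len(v)) + n + v
    return encode_subpacket(NOTATION_DATA, body)


def encode_features(flags: int) -> bytes:
    return encode_subpacket(FEATURES, bytes([flags]))


def encode_keyserver(uri: str) -> bytes:
    return encode_subpacket(PREFERRED_KEY_SERVER, uri.encode())


def parse_subpackets(area: bytes):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            length = ((first - 192) << 8) + area[i + 1] + 192
            i += 2
        else:
            length = struct.unpack(">I", area[i + 1:i + 5])[0]
            i += 5
        if length == 0 or i + length > len(area):
            raise ValueError("truncated subpacket")
        tag = area[i]
        yield tag & 0x7F, bool(tag & 0x80), area[i + 1:i + length]
        i += length


def parse_notation(body: bytes):
    """Split a notation body into (flags, name, value); reject short bodies."""
    flags, nlen, vlen = struct.unpack(">IHH", body[:8])
    name = body[8:8 + nlen]
    value = body[8 + nlen:8 + nlen + vlen]
    if len(name) != nlen or len(value) != vlen:
        raise ValueError("truncated notation")
    return flags, name.decode(), value.decode()


def email_preference(area: bytes):
    """Return the key holder's stated mail format, or None when no explicit
    signal is present.  An 'email=' notation wins over the features bit.
    The preferred-keyserver overload is deliberately not a signal here:
    a keyserver URI says nothing about mail formats."""
    features_hint = None
    for sptype, _critical, body in parse_subpackets(area):
        if sptype == NOTATION_DATA:
            _flags, name, value = parse_notation(body)
            if name == "email":
                return value
        elif sptype == FEATURES and body and body[0] & FEATURE_PGP_MIME:
            features_hint = "rfc3156"
    return features_hint


def has_preferred_keyserver(area: bytes) -> bool:
    return any(t == PREFERRED_KEY_SERVER for t, _, _ in parse_subpackets(area))


if __name__ == "__main__":
    # Constructed sample subpacket areas (not taken from any real key).
    samples = {
        "notation email=rfc3156": encode_notation("email", "rfc3156"),
        "notation email=clearsigned": encode_notation("email", "clearsigned"),
        "features bit 0x02": encode_features(FEATURE_MDC | FEATURE_PGP_MIME),
        "preferred keyserver only": encode_keyserver("hkp://keys.example.invalid"),
    }
    for label, area in samples.items():
        print(f"{label:28s} -> {email_preference(area)!r}, "
              f"keyserver={has_preferred_keyserver(area)}")
```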



In-Reply-To: <20040415154656.GA9480@jabberwocky.com>
References: <20040415154656.GA9480@jabberwocky.com>
Mime-Version: 1.0 (Apple Message framework v613)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <4801860D-8F2B-11D8-BD2F-000A9568596C@callas.org>
Content-Transfer-Encoding: 7bit
Cc: ietf-openpgp@imc.org
From: Jon Callas <jon@callas.org>
Subject: Re: "Yes, I can handle PGP/MIME"
Date: Thu, 15 Apr 2004 15:21:46 -0700
To: David Shaw <dshaw@jabberwocky.com>
X-Mailer: Apple Mail (2.613)

I have no problem with it. I'm a firm believer that we should be 
specifying syntax, and this is valuable syntax.

	Jon



Date: Thu, 15 Apr 2004 12:35:38 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: Kazu Yamamoto <kazu@iijlab.net>
Cc: ietf-openpgp@imc.org
Subject: Re: "Yes, I can handle PGP/MIME"
Message-ID: <20040415163538.GB9480@jabberwocky.com>
Mail-Followup-To: Kazu Yamamoto <kazu@iijlab.net>, ietf-openpgp@imc.org
References: <20040415154656.GA9480@jabberwocky.com> <20040416.012232.146562382.kazu@iijlab.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20040416.012232.146562382.kazu@iijlab.net>
X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
X-Request-PGP: http://www.jabberwocky.com/david/keys.asc
X-Phase-Of-Moon: The Moon is Waning Crescent (16% of Full)
User-Agent: Mutt/1.5.6i

On Fri, Apr 16, 2004 at 01:22:32AM +0900, Kazu Yamamoto wrote:
> From: David Shaw <dshaw@jabberwocky.com>
> Subject: "Yes, I can handle PGP/MIME"
> 
> > Given all that, would there be some benefit in a standard way for a
> > user to advertise that he can handle PGP/MIME?  Specifically, a
> > "features" subpacket bit to say "I can handle PGP/MIME".
> 
> Interesting.
> 
> Bue I have a simple question:
> 
> Suppose Alice delivered her public key which says I can't handle
> PGP/MIME. Then Alice comes to be able to handle PGP/MIME. How can she
> deliver her (new) public key which says I can hadle PGP/MIME,
> obsoleting old one?

The same way she handles it if she changes her OpenPGP program to one
that can handle MDC, or has different ciphers, or changes her
expiration date.  This is a standard thing in OpenPGP.  All of the
various informational subpackets can be rewritten if their information
changes.

Section 5.2.3.3 says:

    Since a self-signature contains important information about the
    key's use, an implementation SHOULD allow the user to rewrite the
    self-signature, and important information in it, such as
    preferences and key expiration.

David



Date: Fri, 16 Apr 2004 01:22:32 +0900 (JST)
Message-Id: <20040416.012232.146562382.kazu@iijlab.net>
To: dshaw@jabberwocky.com
Cc: ietf-openpgp@imc.org
Subject: Re: "Yes, I can handle PGP/MIME"
From: Kazu Yamamoto (山本和彦) <kazu@iijlab.net>
In-Reply-To: <20040415154656.GA9480@jabberwocky.com>
References: <20040415154656.GA9480@jabberwocky.com>
X-Mailer: Mew version 4.0.65 on Emacs 21.3.50 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

From: David Shaw <dshaw@jabberwocky.com>
Subject: "Yes, I can handle PGP/MIME"

> Given all that, would there be some benefit in a standard way for a
> user to advertise that he can handle PGP/MIME?  Specifically, a
> "features" subpacket bit to say "I can handle PGP/MIME".

Interesting.

But I have a simple question:

Suppose Alice delivered her public key which says I can't handle
PGP/MIME. Then Alice comes to be able to handle PGP/MIME. How can she
deliver her (new) public key which says I can handle PGP/MIME,
obsoleting the old one?

--Kazu



Date: Thu, 15 Apr 2004 11:46:56 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: "Yes, I can handle PGP/MIME"
Message-ID: <20040415154656.GA9480@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
X-Request-PGP: http://www.jabberwocky.com/david/keys.asc
X-Phase-Of-Moon: The Moon is Waning Crescent (16% of Full)
User-Agent: Mutt/1.5.6i

The PGP/MIME vs inline discussion seems to be on an up-cycle, and it
showed up on both the PGP and GnuPG mailing lists in the past week.

I don't mean to revisit the debate itself, so suffice to say that some
people use it, some people don't use it, some people can't use it, and
there are difficulties when a user sends PGP/MIME to someone who can't
handle it.

Given all that, would there be some benefit in a standard way for a
user to advertise that he can handle PGP/MIME?  Specifically, a
"features" subpacket bit to say "I can handle PGP/MIME".

It's important not to read too much into such a feature bit.  Having
the bit set does not mean that PGP/MIME must be used, and having the
bit unset does not mean that PGP/MIME must not be used.  A PGP/MIME
bit, rather like the MDC bit, simply means that the user is capable of
handling a PGP/MIME message.  How a sender handles that extra
information is up to him.  Senders remain free to use configuration,
heuristics, guessing, or whatever methods they like to decide when to
use PGP/MIME.

To be sure, this is a little odd since OpenPGP/MIME and OpenPGP are
two different things, and 2440bis is not the OpenPGP/MIME spec.
Nevertheless, since you can't do OpenPGP/MIME without OpenPGP, it
would be convenient to be able to advertise this capability via
OpenPGP.

Proposed text:

In section 5.2.3.24, add:

   0x02 - Recipient is capable of handling OpenPGP/MIME (RFC-3156).

In the same section, change this sentence:

    In the case of Modification Detection, an implementation may
    freely infer this feature from other suitable
    implementation-dependent mechanisms.

to:

    In the case of Modification Detection and OpenPGP/MIME, an
    implementation may freely infer this feature from other suitable
    implementation-dependent mechanisms.

David
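Added example, not code from any message in this thread: a small Python encoder and parser for the two mechanisms discussed, the Features subpacket bit 0x02 that David proposes above and the 'email=rfc3156' notation that vbi suggests instead. It assumes the subpacket type numbers (Features = 30, Notation Data = 20), the subpacket length encoding and the Notation Data layout from RFC 2440; the 0x02 value is the proposal's number, not an adopted assignment, and the critical-bit handling and length-form parsing go slightly beyond what the proposal text itself spells out.

```python
import struct

# Signature subpacket type numbers from RFC 2440 (unchanged in 2440bis / RFC 4880).
SUBPKT_NOTATION_DATA = 20
SUBPKT_FEATURES = 30
FEATURE_MDC = 0x01        # Modification Detection, the bit the proposal is modelled on
FEATURE_PGP_MIME = 0x02   # value David Shaw proposes above; not an adopted assignment
NOTATION_HUMAN_READABLE = 0x80000000   # Notation Data flag: value is human-readable text

def encode_subpacket(sp_type: int, body: bytes) -> bytes:
    """Prefix body with the one-octet length form; the length counts the type octet."""
    length = len(body) + 1
    if length >= 192:
        raise ValueError("example supports the one-octet length form only")
    return bytes([length, sp_type]) + body

def features_subpacket(flags: int) -> bytes:
    return encode_subpacket(SUBPKT_FEATURES, bytes([flags]))

def notation_subpacket(name: str, value: str) -> bytes:
    n, v = name.encode("utf-8"), value.encode("utf-8")
    body = struct.pack(">IHH", NOTATION_HUMAN_READABLE, len(n), len(v)) + n + v
    return encode_subpacket(SUBPKT_NOTATION_DATA, body)

def parse_subpackets(data: bytes) -> list:
    """Return [(type, body), ...] for a subpacket area; handles all three length forms."""
    out, i = [], 0
    while i < len(data):
        first = data[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
        else:
            length, i = struct.unpack(">I", data[i + 1:i + 5])[0], i + 5
        if length < 1 or i + length > len(data):
            raise ValueError("truncated or malformed subpacket")
        out.append((data[i] & 0x7F, data[i + 1:i + length]))   # mask the critical bit
        i += length
    return out

def advertises_pgp_mime(hashed_subpackets: bytes) -> bool:
    """True if the self-signature carries the proposed Features bit or an email=rfc3156 notation."""
    for sp_type, body in parse_subpackets(hashed_subpackets):
        if sp_type == SUBPKT_FEATURES and body and body[0] & FEATURE_PGP_MIME:
            return True
        if sp_type == SUBPKT_NOTATION_DATA and len(body) >= 8:
            _flags, nlen, vlen = struct.unpack(">IHH", body[:8])
            if body[8:8 + nlen] == b"email" and body[8 + nlen:8 + nlen + vlen] == b"rfc3156":
                return True
    return False
```

As David notes, the bit only says the recipient is capable; `advertises_pgp_mime` returning False is no reason to refuse PGP/MIME, and a sender's own configuration still decides.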


