Re: PGP/MIME [was Re: Balsa Encrypts messages with GnuPG!]



Jeffrey Stedfast wrote:


> multipart/encrypted and multipart/signed are the accepted way of doing this
> and it works a lot better too.

Although it hasn't been mentioned explicitly, S/MIME uses exactly the same MIME
structures for signing and encryption as PGP/MIME.  Only the data formats of
the encrypted data or the signatures differ (ignoring the X.509 vs web of trust
model and related issues).  I anticipate that once a full-blown PGP/MIME is
available in Gmime, and that seems imminent, it won't be too hard to add the
S/MIME mechanisms using OpenSSL.  I'd love to have an MUA that did both PGP and
S/MIME.

It's worth noting that RFC 1847 was written at least in part because of the
problems and interoperability issues Jeffrey has alluded to elsewhere on this
thread.

BTW, I support the idea that the old-style inline PGP stuff should be supported
for decryption.  I don't have any enthusiasm for encryption that way though.

Finally, a personal appeal.

I worry that many of the patches contributed come from folks who have never read
the RFCs.  This thread struck me as being in this vein.  Queries raised on this
and other lists are often easily answered by reading the documents and making
decisions based on the information they contain, in this case what fits with the
MIME structure and the use of signing and encryption.

Fundamentally, email is the most mission-critical application of all, yet it has
suffered from years of abuse by software authors who code from broken examples
or from examining messages and inferring what the code should do to make them.
The IETF DRUMS working group, chartered to update and consolidate the current
electronic mail RFCs, some of which date back to 1982, has been on the go for
years and has only now got the new drafts to the RFC editor, such has been the
difficulty of the task.  This work is wasted if programmers continue to ignore
the standards, which is inexcusable.  Interoperability in email is crucial; it
cannot be understated.  For example, consider those who send M$ RTF messages
(through no fault of their own).

Bottom line: read the RFCs first.  They are free and easily obtained.

--
Brian Stafford
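
Added example, not part of the original message and not code from Balsa or GMime: a Python check of the RFC 1847 framing discussed above, showing that a PGP/MIME and an S/MIME signed message share the multipart/signed structure and differ only in the protocol parameter and the signature part's type. The function names, the protocol tables and the sample messages are constructed for illustration.

```python
from email import message_from_string

# protocol= values for multipart/signed (PGP/MIME per RFC 3156, and S/MIME)
SIGNED = {"application/pgp-signature": "PGP/MIME",
          "application/pkcs7-signature": "S/MIME",
          "application/x-pkcs7-signature": "S/MIME"}
# protocol= value for multipart/encrypted (PGP/MIME per RFC 3156)
ENCRYPTED = {"application/pgp-encrypted": "PGP/MIME"}

def classify(raw):
    """Return (scheme, operation) for an RFC 1847 security multipart.

    Raises ValueError when the framing does not match the protocol parameter.
    """
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype not in ("multipart/signed", "multipart/encrypted"):
        raise ValueError("not an RFC 1847 security multipart: " + ctype)
    protocol = msg.get_param("protocol")
    if not isinstance(protocol, str):
        raise ValueError("missing or encoded protocol parameter")
    protocol = protocol.lower()
    parts = msg.get_payload()
    if not isinstance(parts, list) or len(parts) != 2:
        raise ValueError("RFC 1847 requires exactly two body parts")
    first, second = (p.get_content_type() for p in parts)
    if ctype == "multipart/signed":
        # Part 1 is the signed content; part 2 is the signature, typed by protocol.
        if protocol not in SIGNED or second != protocol:
            raise ValueError("signature part does not match protocol")
        return SIGNED[protocol], "signed"
    # Part 1 is control information typed by protocol; part 2 is the ciphertext.
    if (protocol not in ENCRYPTED or first != protocol
            or second != "application/octet-stream"):
        raise ValueError("encrypted parts do not match protocol")
    return ENCRYPTED[protocol], "encrypted"

def sample(ctype, protocol, first_type, second_type):
    """Build a constructed two-part message (placeholder bodies, no real crypto)."""
    return ('MIME-Version: 1.0\n'
            'Content-Type: %s; protocol="%s"; boundary="b1"\n\n'
            '--b1\nContent-Type: %s\n\nbody\n'
            '--b1\nContent-Type: %s\n\nplaceholder\n'
            '--b1--\n' % (ctype, protocol, first_type, second_type))

if __name__ == "__main__":
    for proto in ("application/pgp-signature", "application/pkcs7-signature"):
        print(classify(sample("multipart/signed", proto, "text/plain", proto)))
```

An old-style inline PGP message is an ordinary text/plain part, so `classify` rejects it; handling that format needs a separate content scan.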




