Mailing List Archive

"John A. Martin" <jam@jamux.com> writes:

> Is it an OpenPGP requirement? Older PGPs did not do it.

No.

> Is it intended to indicate that is is from a system that might have a
> good /dev/random? Is that necessary?

Yes. I like to see it :-)

> Version: GNUPG v0.4.1 (GNU/Linux)

Maybe
gnupg v0.4.1 (GNU/Linux)

looks more pretty?


Werner

"John A. Martin" <jam@jamux.com> writes:

> -----BEGIN PGP SIGNATURE-----

ASCII armors are depreciated - you should use MIME ;-)


Werner

Is there a good way to do this in pine?

On Sat, 10 Oct 1998, Werner Koch wrote:

> "John A. Martin" <jam@jamux.com> writes:
>
> > -----BEGIN PGP SIGNATURE-----
>
> ASCII armors are depreciated - you should use MIME ;-)
>
>
> Werner
>

Werner Koch writes:
"John A. Martin" <jam@jamux.com> writes:
> -----BEGIN PGP SIGNATURE-----
ASCII armors are depreciated - you should use MIME ;-)

Forgive the digression, but what would the proper MIME type be? :)

rone
--
Ron Echeverri Numerical Aerodynamic Simulation Facility
DSS/Usenet Administrator NASA Ames Research Center
Internet Sysop Mountain View, CA
<rone@nas.nasa.gov> x42771

On Mon, Oct 12, 1998 at 11:52:23AM -0700, Ron Echeverri wrote:

> Forgive the digression, but what would the proper MIME type be? :)

See RFC 2015. (Or just use mutt. ;-)

tlr
--
Thomas Roessler · 74a353cc0b19 · dg1ktr · http://home.pages.de/~roessler/
2048/CE6AC6C1 · 4E 04 F0 BC 72 FF 14 23 44 85 D1 A1 3B B0 73 C1

On Mon, Oct 12, 1998 at 11:52:23AM -0700, Ron Echeverri wrote:
> Werner Koch writes:
> "John A. Martin" <jam@jamux.com> writes:
> > -----BEGIN PGP SIGNATURE-----
> ASCII armors are depreciated - you should use MIME ;-)
>
> Forgive the digression, but what would the proper MIME type be? :)

Content-Type: application/pgp; format=text; x-action=sign

--
Brian Moore | "The Zen nature of a spammer resembles
Sysadmin, C/Perl Hacker | a cockroach, except that the cockroach
Usenet Vandal | is higher up on the evolutionary chain."
Netscum, Bane of Elves. Peter Olson, Delphi Postmaster

On 98.10.12 brian moore pressed the following keys:

> On Mon, Oct 12, 1998 at 11:52:23AM -0700, Ron Echeverri wrote:
> > Werner Koch writes:
> > "John A. Martin" <jam@jamux.com> writes:
> > > -----BEGIN PGP SIGNATURE-----
> > ASCII armors are depreciated - you should use MIME ;-)
> >
> > Forgive the digression, but what would the proper MIME type be? :)
>
> Content-Type: application/pgp; format=text; x-action=sign

And what is the RFC that describes this beast?

Reptile

PS. Yes, I am picky, because there is RFC about PGP encapsulated in MIME.
RFC2015.

--
------------------[Gadzinka]--[http://reptile.eu.org/]--[Cyber Service]--
--[Carry a gun and a condom.]--------------------------------------------
---------------------------(make love not war but be prepared for both)--

>>>>> "Robert" == Robert Richard George 'reptile' Wal
>>>>> "Re: Version" (Mon, 12 Oct 1998 22:49:51 +0200)

Robert> On 98.10.12 brian moore pressed the following keys:
>> On Mon, Oct 12, 1998 at 11:52:23AM -0700, Ron Echeverri wrote:
>> > Werner Koch writes:
>> > "John A. Martin" <jam@jamux.com> writes:
>> > > -----BEGIN PGP SIGNATURE-----
>> > ASCII armors are depreciated - you should use MIME ;-)
>> >
>> > Forgive the digression, but what would the proper MIME type
>> > be? :)
>>
>> Content-Type: application/pgp; format=text; x-action=sign

Robert> And what is the RFC that describes this beast?

Robert> Reptile

Robert> PS. Yes, I am picky, because there is RFC about PGP
Robert> encapsulated in MIME. RFC2015.

Why break peanuts with a sledge hammer. Why use MIME for simple text?

Recall that rfc2015 says

The ASCII armor output is the REQUIRED method for data transfer.

Now what am I missing?

jam

On Mon, Oct 12, 1998 at 10:49:51PM +0200, Robert Richard George 'reptile' Wal wrote:
> On 98.10.12 brian moore pressed the following keys:
>
> > On Mon, Oct 12, 1998 at 11:52:23AM -0700, Ron Echeverri wrote:
> > > Werner Koch writes:
> > > "John A. Martin" <jam@jamux.com> writes:
> > > > -----BEGIN PGP SIGNATURE-----
> > > ASCII armors are depreciated - you should use MIME ;-)
> > >
> > > Forgive the digression, but what would the proper MIME type be? :)
> >
> > Content-Type: application/pgp; format=text; x-action=sign
>
> And what is the RFC that describes this beast?

None that I've seen.

> Reptile
>
> PS. Yes, I am picky, because there is RFC about PGP encapsulated in MIME.
> RFC2015.

Depends on the mail client. The original method (non-multipart) still
works, and is generated (and accepted) by a large number of clients.

Note that not everything is documented with RFCs. (HTTP existed long
before an RFC described it -- it's still a very successful protocol.)

--
Brian Moore | "The Zen nature of a spammer resembles
Sysadmin, C/Perl Hacker | a cockroach, except that the cockroach
Usenet Vandal | is higher up on the evolutionary chain."
Netscum, Bane of Elves. Peter Olson, Delphi Postmaster

On Mon, 12 Oct 1998, John A. Martin wrote:
>
> Robert> On 98.10.12 brian moore pressed the following keys:
> >> On Mon, Oct 12, 1998 at 11:52:23AM -0700, Ron Echeverri wrote:
> >> > Werner Koch writes:
> >> > "John A. Martin" <jam@jamux.com> writes:
> >> > > -----BEGIN PGP SIGNATURE-----
> >> > ASCII armors are depreciated - you should use MIME ;-)
> >> >
> >> > Forgive the digression, but what would the proper MIME type
> >> > be? :)
> >>
> >> Content-Type: application/pgp; format=text; x-action=sign
>
> Robert> And what is the RFC that describes this beast?
>
> Robert> Reptile
>
> Robert> PS. Yes, I am picky, because there is RFC about PGP
> Robert> encapsulated in MIME. RFC2015.
>
>Why break peanuts with a sledge hammer. Why use MIME for simple text?
>
>Recall that rfc2015 says
>
> The ASCII armor output is the REQUIRED method for data transfer.
>
>Now what am I missing?

Simple. There are detached signatures, which are easy to implement, there is
the Application/PGP MIME type, which is supported by most PGP/MIME clients, and
there is a new PGP/MIME, which PGP5/Eudora/Outlook uses, which makes an
attachment called "Application/PGP", which only contains the text "Version: 1",
and then the *real* stuff is in another attachment called
Application/octet-stream. That last one, the "most recent version of PGP/MIME",
is difficult to implement in a non-GPLed mail program (I write pgp4pine, so I
know how hard it is, I still can't do that last one). I don't know of *any*
mail client that doesn't support the inline pgp (the "ascii armor" mentioned at
the top, I believe), and most support the PGP/Application if they support PGP
at all. Just the last one is not really supported. <shrug> I don't even think
there's an RFC for it, although I could be wrong.

--

Chris Wiegand

'If Bill Gates had a dime for every time Windows crashed...
... Oh wait a minute, he already does...' - Anonymous

Linux \'lih-nucks\ n.: Antidote to the computer viri known as Windows.

On Mon, 12 Oct 1998, Chris Wiegand wrote:
> mail client that doesn't support the inline pgp (the "ascii armor" mentioned at
> the top, I believe), and most support the PGP/Application if they support PGP

I think it's unfortunate that people (notably Werner) are deprecating
non-MIME "ASCII armour" format, because that attitude seems to limit GPG
to email. Yes, MIME is probably the best thing to use for signing email
messages. But I often use GPG or PGP to sign documents that aren't email
messages. How about a contract or some other kind of legal notice? I
often want to create a file with clear text and a signature in it, that
will be printable and be a single file and not particularly an email
message. I could do a detached signature thing, but then I have two files
floating around that I have to keep together, in order to represent the
signed document that I see as a single object which should fit in a single
file. Also, the detached signature isn't printable unless I ASCII-armour
it, which brings us full circle.

If you're forcing everyone to use MIME, it appears that what I have to do
is format my document as an email message with a MIME attachment. This
seems non-optimal. A MIME message doesn't look very good when read as a
text file with any kind of software that isn't a MIME user agent. The
original PGP clear-signature format, despite its problems, is clearly
comprehensible when viewed without software that understands it. It seems
to me that for this kind of non-email purpose, the PGP format is not
broken and does not need to be fixed with MIME.

"Let me lose so beautifully http://www.islandnet.com/~mskala/
Let me lick the dew from the money tree Matthew Skala
Have the moms of the world all care about me Ansuz BBS
At suppertime" - Odds (250) 472-3169

Chris Wiegand <cwiegand@urgentmail.com> writes:

> Application/octet-stream. That last one, the "most recent version of PGP/MIME",
> is difficult to implement in a non-GPLed mail program (I write pgp4pine, so I
> know how hard it is, I still can't do that last one). I don't know of *any*

Can you short explain what's the problem with that?
Is it that you must know the used hash algorithm? I can add a status
output which gives this information.


Werner

On Mon, Oct 12, 1998 at 05:31:43PM -0400, John A. Martin wrote:

> Recall that rfc2015 says

> The ASCII armor output is the REQUIRED method for data transfer.

> Now what am I missing?

Basically the fact that RFC 2015 defines mime encapsulation of
signed text and signature in a way which can be handled by about any
MIME-capable mail user agent.

tlr
--
Thomas Roessler · 74a353cc0b19 · dg1ktr · http://home.pages.de/~roessler/
2048/CE6AC6C1 · 4E 04 F0 BC 72 FF 14 23 44 85 D1 A1 3B B0 73 C1

On Mon, Oct 12, 1998 at 02:32:57PM -0700, brian moore wrote:

> Depends on the mail client. The original method (non-multipart) still
> works, and is generated (and accepted) by a large number of clients.

Nevertheless, you have some problems with character set tagging and
the like.

tlr
--
Thomas Roessler · 74a353cc0b19 · dg1ktr · http://home.pages.de/~roessler/
2048/CE6AC6C1 · 4E 04 F0 BC 72 FF 14 23 44 85 D1 A1 3B B0 73 C1

On Mon, Oct 12, 1998 at 08:22:47PM -0600, Chris Wiegand wrote:

> Simple. There are detached signatures, which are easy to implement,
> there is the Application/PGP MIME type, which is supported by most
> PGP/MIME clients, and there is a new PGP/MIME, which
> PGP5/Eudora/Outlook uses, which makes an attachment called
> "Application/PGP", which only contains the text "Version: 1", and
> then the *real* stuff is in another attachment called
> Application/octet-stream.

Sorry, this is wrong. You are talking about multipart/encrypted;
protocol=pgp multiparts. The first body part of these beasts is
application/pgp-encrypted with that "Version" parameter. The
application/octet-stream body part contains the ascii-armoured
version of the signed and encrypted message.

Apart of this, this body part is by no way more recent than the
detached signature stuff - both of them are defined in RFC 2015.

> Just the last one is not really supported. <shrug> I don't even
> think there's an RFC for it, although I could be wrong.

You should _really_ read RFC 2015.

tlr

PS: there is a GPLed MUA which supports that stuff.
--
Thomas Roessler · 74a353cc0b19 · dg1ktr · http://home.pages.de/~roessler/
2048/CE6AC6C1 · 4E 04 F0 BC 72 FF 14 23 44 85 D1 A1 3B B0 73 C1

Matthew Skala <mskala@ansuz.sooke.bc.ca> writes:

> I think it's unfortunate that people (notably Werner) are deprecating
> non-MIME "ASCII armour" format, because that attitude seems to limit GPG

Only for email. Did you noticed that I clear-signed the README file :-)


Werner