Re: clearsigned sigs



Hal Finney wrote:

> I am considering doing sign-and-encrypt by clearsigning and then
> encrypting the clearsigned message.  This way you just decrypt and are
> left with a nice clearsigned message, which you can then verify.

From PGP/MIME:

> 6.2  Combined method
> 
> Versions 2.x of PGP also allow data to be signed and encrypted in one
> operation.  This method is an acceptable shortcut, and has the
> benefit of less overhead.  The resulting data should be formed as a
> "multipart/encrypted" object as described above.
> 
> Messages which are encrypted and signed in this combined fashion are
> REQUIRED to follow the same canonicalization rules as for
> multipart/signed objects.
> 
> It is explicitly allowed for an agent to decrypt a combined message
> and rewrite it as a multipart/signed object using the signature data
> embedded in the encrypted version.

Could your MUA do this automatically and rewrite a
signed+encrypted message as cleartext plus a signature message part?
This even hides the PGP data in the mailer, which I like.

Ian.
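
Added example, not part of the original message or of any mailer's code: a sketch of the rewrite step that section 6.2 permits, done after the PGP tool has decrypted the combined message. It assumes the tool has already handed back the signed MIME entity and an armored detached signature; the function names, boundary string and sample data are constructed for illustration, and the signature is a placeholder. The entity is inserted byte for byte, because re-serializing it would change the bytes the signature covers.

```python
CRLF = b"\r\n"

# Constructed sample input: the decrypted MIME entity exactly as signed,
# and a placeholder where the extracted detached signature would go.
SAMPLE_ENTITY = (b"Content-Type: text/plain; charset=us-ascii\r\n"
                 b"\r\n"
                 b"Meet at noon.\r\n")
SAMPLE_SIG = (b"-----BEGIN PGP SIGNATURE-----\r\n\r\n"
              b"(constructed placeholder, not a real signature)\r\n"
              b"-----END PGP SIGNATURE-----")

def check_canonical(entity: bytes) -> None:
    """Reject data that is not in the canonical form required for signing."""
    stripped = entity.replace(CRLF, b"")
    if b"\r" in stripped or b"\n" in stripped:
        raise ValueError("line endings are not canonical CRLF")
    if any(byte > 127 for byte in entity):
        raise ValueError("signed part is not 7bit; it needs a transfer encoding")

def rewrite_as_multipart_signed(entity: bytes, armored_sig: bytes,
                                boundary: bytes,
                                micalg: bytes = b"pgp-md5") -> bytes:
    """Wrap an already-signed entity and its signature as multipart/signed.

    micalg is an assumption here: it must name the hash the signature
    actually used (pgp-md5 for PGP 2.x signatures).
    """
    check_canonical(entity)
    delim = b"--" + boundary
    if delim in entity or delim in armored_sig:
        raise ValueError("boundary string occurs inside a body part")
    header = (b"Content-Type: multipart/signed; micalg=" + micalg + b";" + CRLF
              + b' protocol="application/pgp-signature";' + CRLF
              + b' boundary="' + boundary + b'"' + CRLF + CRLF)
    sig_part = (b"Content-Type: application/pgp-signature" + CRLF + CRLF
                + armored_sig)
    # The CRLF before each delimiter belongs to the delimiter, not the part,
    # so the entity's own bytes are left untouched.
    return (header + delim + CRLF + entity + CRLF
            + delim + CRLF + sig_part + CRLF
            + delim + b"--" + CRLF)

if __name__ == "__main__":
    print(rewrite_as_multipart_signed(
        SAMPLE_ENTITY, SAMPLE_SIG, b"constructed-boundary").decode("ascii"))
```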