[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: OpenPGP vs. OpenPGP/MIME
Werner Koch <wk@xxxxxxxxx> writes:
>> (3) It's not clear how a receiving MUA should do when the value of
>> the micalg parameter is differnt from the value specified in the
>> second part(e.g a PGP packet for PGP/MIME).
> For PGP just ignore it. It does not make sense because you can't just
> feed the hash into a OpenPGP verifier (there are other informations
> needed to be hashed along with the message).
This view isn't consistent with how I read RFC 3156, it seems to
require that applications populate the field with the MIC algorithm
used to hash the message. Using the wrong micalg value causes
IMHO either the micalg parameter should be made optional, or the
PGP/MIME spec should suggest using a dummy value ("micalg=pgp") to
signal to the application that the algorithm specified in the OpenPGP
blob should be used.