Re: OpenPGP vs. OpenPGP/MIME

[Derek Atkins <warlord@xxxxxxx>]

The point behind the micalg= parameter was for ease in implementation
of a one-pass processing.  If you know in advance to setup an md5
or sha1 hash processor, you can process the message through the hash
before you get to the signature portion.

At least that was why it was done originally,

-derek

Simon Josefsson <simon+ietf-openpgp@xxxxxxxxxxxxx> writes:

> Werner Koch <wk@xxxxxxxxx> writes:
> 
> >> (3) It's not clear how a receiving MUA should do when the value of
> >>     the micalg parameter is differnt from the value specified in the
> >>     second part(e.g a PGP packet for PGP/MIME).
> >
> > For PGP just ignore it.  It does not make sense because you can't just
> > feed the hash into a OpenPGP verifier (there are other informations
> > needed to be hashed along with the message).
> 
> This view isn't consistent with how I read RFC 3156, it seems to
> require that applications populate the field with the MIC algorithm
> used to hash the message.  Using the wrong micalg value causes
> problems.
> 
> IMHO either the micalg parameter should be made optional, or the
> PGP/MIME spec should suggest using a dummy value ("micalg=pgp") to
> signal to the application that the algorithm specified in the OpenPGP
> blob should be used.

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@xxxxxxx                        PGP key available