Re: Well now that we're signing...
-----BEGIN PGP SIGNED MESSAGE----- I disagree also with posting public keys to the list, but I think anyone who signs their messages should either have their key in the keyservers or should at least provide information on how to get the key along with the message. Why bother signing if your key is not available? Something I was wondering about is what should be done with signatures that don't check out. For the most part it is due to a bug in the signing/mailing procedure, rather than an actual spoof. Is there an ettiquette for contacting the person who posted the missigned message. Do people want to know if their sigs didn't check out? - -Craig Ëaig Steinberger stein-c@eng.buffalo.edu SUNY at Buffalo CFD Lab send mail with subject PGPKEY for PGP Key -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLuKKpMI9bVMUIPr9AQEqugQAgiPQaW6J0PuBuaCZB8+V2nXNCjRrdB68 N67rDSRwv82Kri+QDSIggbtuuuqAJp/u750x1CSCGWd+SgwPENs0mRlW+bEh5IB2 Oqq0GnQ6E8PdLvVDneAVdrdBymyz5csAgTCOKgRc90XPycMGi/aMa2Kk8KglAR4K qZgVBN+P4XY= =A66/ -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- For all of you out there who are using MIME headers: There is now an official mime type for PGP (and an RFC to accompany it). Please dont post messages with type "text/x-pgp" or other rot anymore. thanx, brad -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQBVAwUBLuNNUXAfGuY25h+xAQHAQwH+JfzPeEVaUiO/BJdLGlZX9cJAlqIiebie PybwfmbD8JEEf6uQiNXQRn9jD+6h6j/0QPvhD4/PqY7Oxi4kwp814A== =ijlH -----END PGP SIGNATURE-----
Brad Huntting writes:
For all of you out there who are using MIME headers: There is now an official mime type for PGP (and an RFC to accompany it). Please dont post messages with type "text/x-pgp" or other rot anymore.
Where? Which RFC? I just checked the IANA media-types directory (at ftp://ftp.isi.edu/in-notes/iana/assignments/media-types), and there was no PGP type listed. I also searched through recent RFC titles, and found nothing appropriate. There is of course a draft by Nat Borenstein et al, but it is not an official RFC yet. Therefore, it is not valid MIME. Last I heard, it was taking a fairly low priority. The draft doesn't address the fact that a clearsigned message is readable text, and therefore should be text/pgp rather than application/pgp. He is planning to fix this. My premail software generates the application/x-pgp type, which _is_ valid MIME. So is text/x-pgp, which I don't support yet because premail 0.30 doesn't do clearsigning (hopefully, the next release will). I am eager to switch to the official MIME type as soon as it is out. If anyone knows better, please let me know. Raph
participants (3)
-
Brad Huntting -
Craig Steinberger -
raph@netcom.com