draft-ietf-openpgp-mime-08.txt   rfc3156.txt 
Network Working Group M. Elkins Network Working Group M. Elkins
draft-ietf-openpgp-mime-08.txt Network Associates, Inc. Request for Comments: 3156 Network Associates, Inc.
Obsoletes: 2015 D. Del Torto Updates: 2015 D. Del Torto
CryptoRights Foundation Category: Standards Track CryptoRights Foundation
R. Levien R. Levien
University of California at Berkeley University of California at Berkeley
T. Roessler T. Roessler
July 2001 August 2001
MIME Security with OpenPGP MIME Security with OpenPGP
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document specifies an Internet standards track protocol for the
all provisions of Section 10 of RFC2026. Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Internet-Drafts are working documents of the Internet Engineering Official Protocol Standards" (STD 1) for the standardization state
Task Force (IETF), its areas, and its working groups. Note that and status of this protocol. Distribution of this memo is unlimited.
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet- Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at Copyright Notice
http://www.ietf.org/shadow.html.
Copyright (C) The Internet Society 2001. All Rights Reserved. Copyright (C) The Internet Society (2001). All Rights Reserved.
Abstract Abstract
This document describes how the OpenPGP Message Format [1] can be This document describes how the OpenPGP Message Format can be used to
used to provide privacy and authentication using the Multipurpose provide privacy and authentication using the Multipurpose Internet
Internet Mail Extensions (MIME) security content types described in Mail Extensions (MIME) security content types described in RFC 1847.
RFC 1847 [2].
This draft is being discussed on the "ietf-openpgp" mailing list. To
join the list, send a message to <ietf-openpgp-request@imc.org> with
the single word "subscribe" in the subject. An archive of the
working group's list is located at <http://www.imc.org/ietf-openpgp>.
1. Introduction 1. Introduction
Work on integrating PGP (Pretty Good Privacy) with MIME [3] Work on integrating PGP (Pretty Good Privacy) with MIME [3]
(including the since withdrawn "application/pgp" content type) prior (including the since withdrawn "application/pgp" content type) prior
to RFC 2015 suffered from a number of problems, the most significant to RFC 2015 suffered from a number of problems, the most significant
of which is the inability to recover signed message bodies without of which is the inability to recover signed message bodies without
parsing data structures specific to PGP. RFC 2015 makes use of the parsing data structures specific to PGP. RFC 2015 makes use of the
elegant solution proposed in RFC 1847, which defines security elegant solution proposed in RFC 1847, which defines security
multipart formats for MIME. The security multiparts clearly separate multipart formats for MIME. The security multiparts clearly separate
the signed message body from the signature, and have a number of the signed message body from the signature, and have a number of
other desirable properties. This document revises RFC 2015 to adopt other desirable properties. This document revises RFC 2015 to adopt
the integration of PGP and MIME to the needs which emerged during the the integration of PGP and MIME to the needs which emerged during the
work on the OpenPGP specification. work on the OpenPGP specification.
This document defines three content types for implementing security This document defines three content types for implementing security
and privacy with OpenPGP: "application/pgp-encrypted", and privacy with OpenPGP: "application/pgp-encrypted",
"application/pgp-signature" and "application/pgp-keys". "application/pgp-signature" and "application/pgp-keys".
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119. document are to be interpreted as described in RFC 2119.
2. OpenPGP data formats 2. OpenPGP data formats
OpenPGP implementations can generate either ASCII armor (described in OpenPGP implementations can generate either ASCII armor (described in
[1]) or 8-bit binary output when encrypting data, generating a [1]) or 8-bit binary output when encrypting data, generating a
digital signature, or extracting public key data. The ASCII armor digital signature, or extracting public key data. The ASCII armor
output is the REQUIRED method for data transfer. This allows those output is the REQUIRED method for data transfer. This allows those
users who do not have the means to interpret the formats described in users who do not have the means to interpret the formats described in
this document to be able to extract and use the OpenPGP information this document to be able to extract and use the OpenPGP information
in the message. in the message.
When the amount of data to be transmitted requires that it be sent in When the amount of data to be transmitted requires that it be sent in
many parts, the MIME message/partial mechanism SHOULD be used rather many parts, the MIME message/partial mechanism SHOULD be used rather
than the multi-part ASCII armor OpenPGP format. than the multi-part ASCII armor OpenPGP format.
3. Content-Transfer-Encoding restrictions 3. Content-Transfer-Encoding restrictions
Multipart/signed and multipart/encrypted are to be treated by agents Multipart/signed and multipart/encrypted are to be treated by agents
as opaque, meaning that the data is not to be altered in any way [2], as opaque, meaning that the data is not to be altered in any way [2],
[7]. However, many existing mail gateways will detect if the next hop [7]. However, many existing mail gateways will detect if the next
does not support MIME or 8-bit data and perform conversion to either hop does not support MIME or 8-bit data and perform conversion to
Quoted-Printable or Base64. This presents serious problems for either Quoted-Printable or Base64. This presents serious problems
multipart/signed, in particular, where the signature is invalidated for multipart/signed, in particular, where the signature is
when such an operation occurs. For this reason all data signed invalidated when such an operation occurs. For this reason all data
according to this protocol MUST be constrained to 7 bits (8-bit data signed according to this protocol MUST be constrained to 7 bits (8-
MUST be encoded using either Quoted-Printable or Base64). Note that bit data MUST be encoded using either Quoted-Printable or Base64).
this also includes the case where a signed object is also encrypted Note that this also includes the case where a signed object is also
(see section 6). This restriction will increase the likelihood that encrypted (see section 6). This restriction will increase the
the signature will be valid upon receipt. likelihood that the signature will be valid upon receipt.
Additionally, implementations MUST make sure that no trailing Additionally, implementations MUST make sure that no trailing
whitespace is present after the MIME encoding has been applied. whitespace is present after the MIME encoding has been applied.
Note: In most cases, trailing whitespace can either be removed, or Note: In most cases, trailing whitespace can either be removed, or
protected by applying an appropriate content-transfer-encoding. protected by applying an appropriate content-transfer-encoding.
However, special care must be taken when any header lines - either However, special care must be taken when any header lines - either
in MIME entity headers, or in embedded RFC 822 headers - are in MIME entity headers, or in embedded RFC 822 headers - are
present which only consist of whitespace: Such lines must be present which only consist of whitespace: Such lines must be
removed entirely, since replacing them by empty lines would turn removed entirely, since replacing them by empty lines would turn
skipping to change at page 3, line 33 skipping to change at page 3, line 12
avoid compatibility problems with PGP implementations which avoid compatibility problems with PGP implementations which
predate the OpenPGP specification. predate the OpenPGP specification.
Note: If any line begins with the string "From ", it is strongly Note: If any line begins with the string "From ", it is strongly
suggested that either the Quoted-Printable or Base64 MIME encoding suggested that either the Quoted-Printable or Base64 MIME encoding
be applied. If Quoted-Printable is used, at least one of the be applied. If Quoted-Printable is used, at least one of the
characters in the string should be encoded using the hexadecimal characters in the string should be encoded using the hexadecimal
coding rule. This is because many mail transfer and delivery coding rule. This is because many mail transfer and delivery
agents treat "From " (the word "from" followed immediately by a agents treat "From " (the word "from" followed immediately by a
space character) as the start of a new message and thus insert a space character) as the start of a new message and thus insert a
right angle-bracket (>) in front of any line beginning with "From right angle-bracket (>) in front of any line beginning with
" to distinguish this case, invalidating the signature. "From " to distinguish this case, invalidating the signature.
Data that is ONLY to be encrypted is allowed to contain 8-bit Data that is ONLY to be encrypted is allowed to contain 8-bit
characters and trailing whitespace and therefore need not undergo the characters and trailing whitespace and therefore need not undergo the
convertion to a 7bit format, and the stripping of whitespace. conversion to a 7bit format, and the stripping of whitespace.
Implementor's note: It cannot be stressed enough that applications Implementor's note: It cannot be stressed enough that applications
using this standard follow MIME's suggestion that you "be using this standard follow MIME's suggestion that you "be
conservative in what you generate, and liberal in what you conservative in what you generate, and liberal in what you
accept." In this particular case it means it would be wise for an accept." In this particular case it means it would be wise for an
implementation to accept messages with any content-transfer- implementation to accept messages with any content-transfer-
encoding, but restrict generation to the 7-bit format required by encoding, but restrict generation to the 7-bit format required by
this memo. This will allow future compatibility in the event the this memo. This will allow future compatibility in the event the
Internet SMTP framework becomes 8-bit friendly. Internet SMTP framework becomes 8-bit friendly.
skipping to change at page 4, line 16 skipping to change at page 3, line 39
Before OpenPGP encryption, the data is written in MIME canonical Before OpenPGP encryption, the data is written in MIME canonical
format (body and headers). format (body and headers).
OpenPGP encrypted data is denoted by the "multipart/encrypted" OpenPGP encrypted data is denoted by the "multipart/encrypted"
content type, described in [2], and MUST have a "protocol" parameter content type, described in [2], and MUST have a "protocol" parameter
value of "application/pgp-encrypted". Note that the value of the value of "application/pgp-encrypted". Note that the value of the
parameter MUST be enclosed in quotes. parameter MUST be enclosed in quotes.
The multipart/encrypted MIME body MUST consist of exactly two body The multipart/encrypted MIME body MUST consist of exactly two body
parts, the first with content type "application/pgp-encrypted". This parts, the first with content type "application/pgp-encrypted". This
body contains the control information. A message complying with this body contains the control information. A message complying with this
standard MUST contain a "Version: 1" field in this body. Since the standard MUST contain a "Version: 1" field in this body. Since the
OpenPGP packet format contains all other information necessary for OpenPGP packet format contains all other information necessary for
decrypting, no other information is required here. decrypting, no other information is required here.
The second MIME body part MUST contain the actual encrypted data. It The second MIME body part MUST contain the actual encrypted data. It
MUST be labeled with a content type of "application/octet-stream". MUST be labeled with a content type of "application/octet-stream".
Example message: Example message:
From: Michael Elkins <elkins@aero.org> From: Michael Elkins <elkins@aero.org>
To: Michael Elkins <elkins@aero.org> To: Michael Elkins <elkins@aero.org>
Mime-Version: 1.0 Mime-Version: 1.0
Content-Type: multipart/encrypted; boundary=foo; Content-Type: multipart/encrypted; boundary=foo;
protocol="application/pgp-encrypted" protocol="application/pgp-encrypted"
--foo --foo
Content-Type: application/pgp-encrypted Content-Type: application/pgp-encrypted
Version: 1 Version: 1
--foo --foo
Content-Type: application/octet-stream Content-Type: application/octet-stream
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
Version: 2.6.2 Version: 2.6.2
hIwDY32hYGCE8MkBA/wOu7d45aUxF4Q0RKJprD3v5Z9K1YcRJ2fve87lMlDlx4Oj hIwDY32hYGCE8MkBA/wOu7d45aUxF4Q0RKJprD3v5Z9K1YcRJ2fve87lMlDlx4Oj
eW4GDdBfLbJE7VUpp13N19GL8e/AqbyyjHH4aS0YoTk10QQ9nnRvjY8nZL3MPXSZ eW4GDdBfLbJE7VUpp13N19GL8e/AqbyyjHH4aS0YoTk10QQ9nnRvjY8nZL3MPXSZ
g9VGQxFeGqzykzmykU6A26MSMexR4ApeeON6xzZWfo+0yOqAq6lb46wsvldZ96YA g9VGQxFeGqzykzmykU6A26MSMexR4ApeeON6xzZWfo+0yOqAq6lb46wsvldZ96YA
AABH78hyX7YX4uT1tNCWEIIBoqqvCeIMpp7UQ2IzBrXg6GtukS8NxbukLeamqVW3 AABH78hyX7YX4uT1tNCWEIIBoqqvCeIMpp7UQ2IzBrXg6GtukS8NxbukLeamqVW3
1yt21DYOjuLzcMNe/JNsD9vDVCvOOG3OCi8= 1yt21DYOjuLzcMNe/JNsD9vDVCvOOG3OCi8=
=zzaA =zzaA
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
--foo-- --foo--
5. OpenPGP signed data 5. OpenPGP signed data
OpenPGP signed messages are denoted by the "multipart/signed" content OpenPGP signed messages are denoted by the "multipart/signed" content
type, described in [2], with a "protocol" parameter which MUST have a type, described in [2], with a "protocol" parameter which MUST have a
value of "application/pgp-signature" (MUST be quoted). value of "application/pgp-signature" (MUST be quoted).
The "micalg" parameter for the "application/pgp-signature" protocol The "micalg" parameter for the "application/pgp-signature" protocol
MUST contain exactly one hash-symbol of the format "pgp-<hash- MUST contain exactly one hash-symbol of the format "pgp-<hash-
identifier>", where <hash-identifier> identifies the Message identifier>", where <hash-identifier> identifies the Message
skipping to change at page 6, line 6 skipping to change at page 4, line 50
text name to lower case and prefixing it with the four characters text name to lower case and prefixing it with the four characters
"pgp-". "pgp-".
Currently defined values are "pgp-md5", "pgp-sha1", "pgp-ripemd160", Currently defined values are "pgp-md5", "pgp-sha1", "pgp-ripemd160",
"pgp-md2", "pgp-tiger192", and "pgp-haval-5-160". "pgp-md2", "pgp-tiger192", and "pgp-haval-5-160".
The multipart/signed body MUST consist of exactly two parts. The The multipart/signed body MUST consist of exactly two parts. The
first part contains the signed data in MIME canonical format, first part contains the signed data in MIME canonical format,
including a set of appropriate content headers describing the data. including a set of appropriate content headers describing the data.
The second body MUST contain the OpenPGP digital signature. It MUST The second body MUST contain the OpenPGP digital signature. It MUST
be labeled with a content type of "application/pgp-signature". be labeled with a content type of "application/pgp-signature".
Note: Implementations can either generate "signatures of a Note: Implementations can either generate "signatures of a
canonical text document" or "signatures of a binary document", as canonical text document" or "signatures of a binary document", as
defined in [1]. The restrictions on the signed material put forth defined in [1]. The restrictions on the signed material put forth
in section 3 and in this section will make sure that the various in section 3 and in this section will make sure that the various
MIC algorithm variants specified in [1] and [5] will all produce MIC algorithm variants specified in [1] and [5] will all produce
the same result. the same result.
When the OpenPGP digital signature is generated: When the OpenPGP digital signature is generated:
(1) The data to be signed MUST first be converted to its content- (1) The data to be signed MUST first be converted to its content-
type specific canonical form. For text/plain, this means type specific canonical form. For text/plain, this means
conversion to an appropriate character set and conversion of conversion to an appropriate character set and conversion of
line endings to the canonical <CR><LF> sequence. line endings to the canonical <CR><LF> sequence.
(2) An appropriate Content-Transfer-Encoding is then applied; see (2) An appropriate Content-Transfer-Encoding is then applied; see
section 3. In particular, line endings in the encoded data MUST section 3. In particular, line endings in the encoded data
use the canonical <CR><LF> sequence where appropriate (note that MUST use the canonical <CR><LF> sequence where appropriate
the canonical line ending may or may not be present on the last (note that the canonical line ending may or may not be present
line of encoded data and MUST NOT be included in the signature on the last line of encoded data and MUST NOT be included in
if absent). the signature if absent).
(3) MIME content headers are then added to the body, each ending (3) MIME content headers are then added to the body, each ending
with the canonical <CR><LF> sequence. with the canonical <CR><LF> sequence.
(4) As described in section 3 of this document, any trailing (4) As described in section 3 of this document, any trailing
whitespace MUST then be removed from the signed material. whitespace MUST then be removed from the signed material.
(5) As described in [2], the digital signature MUST be calculated (5) As described in [2], the digital signature MUST be calculated
over both the data to be signed and its set of content headers. over both the data to be signed and its set of content headers.
(6) The signature MUST be generated detached from the signed data so (6) The signature MUST be generated detached from the signed data
that the process does not alter the signed data in any way. so that the process does not alter the signed data in any way.
Note: The accepted OpenPGP convention is for signed data to end Note: The accepted OpenPGP convention is for signed data to end
with a <CR><LF> sequence. Note that the <CR><LF> sequence with a <CR><LF> sequence. Note that the <CR><LF> sequence
immediately preceding a MIME boundary delimiter line is considered immediately preceding a MIME boundary delimiter line is considered
to be part of the delimiter in [3], 5.1. Thus, it is not part of to be part of the delimiter in [3], 5.1. Thus, it is not part of
the signed data preceding the delimiter line. An implementation the signed data preceding the delimiter line. An implementation
which elects to adhere to the OpenPGP convention has to make sure which elects to adhere to the OpenPGP convention has to make sure
it inserts a <CR><LF> pair on the last line of the data to be it inserts a <CR><LF> pair on the last line of the data to be
signed and transmitted (signed message and transmitted message signed and transmitted (signed message and transmitted message
MUST be identical). MUST be identical).
Example message: Example message:
From: Michael Elkins <elkins@aero.org> From: Michael Elkins <elkins@aero.org>
To: Michael Elkins <elkins@aero.org> To: Michael Elkins <elkins@aero.org>
Mime-Version: 1.0 Mime-Version: 1.0
Content-Type: multipart/signed; boundary=bar; micalg=pgp-md5; Content-Type: multipart/signed; boundary=bar; micalg=pgp-md5;
protocol="application/pgp-signature" protocol="application/pgp-signature"
--bar --bar
& Content-Type: text/plain; charset=iso-8859-1 & Content-Type: text/plain; charset=iso-8859-1
& Content-Transfer-Encoding: quoted-printable & Content-Transfer-Encoding: quoted-printable
& &
& =A1Hola! & =A1Hola!
& &
& Did you know that talking to yourself is a sign of senility? & Did you know that talking to yourself is a sign of senility?
& &
& It's generally a good idea to encode lines that begin with & It's generally a good idea to encode lines that begin with
& From=20because some mail transport agents will insert a greater- & From=20because some mail transport agents will insert a greater-
& than (>) sign, thus invalidating the signature. & than (>) sign, thus invalidating the signature.
& &
& Also, in some cases it might be desirable to encode any =20 & Also, in some cases it might be desirable to encode any =20
& trailing whitespace that occurs on lines in order to ensure =20 & trailing whitespace that occurs on lines in order to ensure =20
& that the message signature is not invalidated when passing =20 & that the message signature is not invalidated when passing =20
& a gateway that modifies such whitespace (like BITNET). =20 & a gateway that modifies such whitespace (like BITNET). =20
& &
& me & me
--bar --bar
Content-Type: application/pgp-signature Content-Type: application/pgp-signature
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
Version: 2.6.2 Version: 2.6.2
iQCVAwUBMJrRF2N9oWBghPDJAQE9UQQAtl7LuRVndBjrk4EqYBIb3h5QXIX/LC// iQCVAwUBMJrRF2N9oWBghPDJAQE9UQQAtl7LuRVndBjrk4EqYBIb3h5QXIX/LC//
jJV5bNvkZIGPIcEmI5iFd9boEgvpirHtIREEqLQRkYNoBActFBZmh9GC3C041WGq jJV5bNvkZIGPIcEmI5iFd9boEgvpirHtIREEqLQRkYNoBActFBZmh9GC3C041WGq
uMbrbxc+nIs1TIKlA08rVi9ig/2Yh7LFrK5Ein57U/W72vgSxLhe/zhdfolT9Brn uMbrbxc+nIs1TIKlA08rVi9ig/2Yh7LFrK5Ein57U/W72vgSxLhe/zhdfolT9Brn
HOxEa44b+EI= HOxEa44b+EI=
=ndaj =ndaj
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
--bar-- --bar--
The "&"s in the previous example indicate the portion of the data The "&"s in the previous example indicate the portion of the data
over which the signature was calculated. over which the signature was calculated.
Upon receipt of a signed message, an application MUST: Upon receipt of a signed message, an application MUST:
(1) Convert line endings to the canonical <CR><LF> sequence before (1) Convert line endings to the canonical <CR><LF> sequence before
the signature can be verified. This is necessary since the the signature can be verified. This is necessary since the
local MTA may have converted to a local end of line convention. local MTA may have converted to a local end of line convention.
(2) Pass both the signed data and its associated content headers (2) Pass both the signed data and its associated content headers
along with the OpenPGP signature to the signature verification along with the OpenPGP signature to the signature verification
service. service.
6. Encrypted and Signed Data 6. Encrypted and Signed Data
Sometimes it is desirable to both digitally sign and then encrypt a Sometimes it is desirable to both digitally sign and then encrypt a
message to be sent. This protocol allows for two methods of message to be sent. This protocol allows for two methods of
accomplishing this task. accomplishing this task.
6.1. RFC 1847 Encapsulation 6.1. RFC 1847 Encapsulation
In [2], it is stated that the data is first signed as a In [2], it is stated that the data is first signed as a
multipart/signature body, and then encrypted to form the final multipart/signature body, and then encrypted to form the final
multipart/encrypted body. This is most useful for standard MIME- multipart/encrypted body. This is most useful for standard MIME-
compliant message forwarding. compliant message forwarding.
Example: Example:
Content-Type: multipart/encrypted; Content-Type: multipart/encrypted;
protocol="application/pgp-encrypted"; boundary=foo protocol="application/pgp-encrypted"; boundary=foo
--foo --foo
Content-Type: application/pgp-encrypted Content-Type: application/pgp-encrypted
Version: 1 Version: 1
--foo --foo
Content-Type: application/octet-stream Content-Type: application/octet-stream
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
& Content-Type: multipart/signed; micalg=pgp-md5 & Content-Type: multipart/signed; micalg=pgp-md5
& protocol="application/pgp-signature"; boundary=bar & protocol="application/pgp-signature"; boundary=bar
& &
& --bar & --bar
& Content-Type: text/plain; charset=us-ascii & Content-Type: text/plain; charset=us-ascii
& &
& This message was first signed, and then encrypted. & This message was first signed, and then encrypted.
& &
& --bar & --bar
& Content-Type: application/pgp-signature & Content-Type: application/pgp-signature
& &
& -----BEGIN PGP MESSAGE----- & -----BEGIN PGP MESSAGE-----
& Version: 2.6.2 & Version: 2.6.2
& &
& iQCVAwUBMJrRF2N9oWBghPDJAQE9UQQAtl7LuRVndBjrk4EqYBIb3h5QXIX/LC// & iQCVAwUBMJrRF2N9oWBghPDJAQE9UQQAtl7LuRVndBjrk4EqYBIb3h5QXIX/LC//
& jJV5bNvkZIGPIcEmI5iFd9boEgvpirHtIREEqLQRkYNoBActFBZmh9GC3C041WGq & jJV5bNvkZIGPIcEmI5iFd9boEgvpirHtIREEqLQRkYNoBActFBZmh9GC3C041WGq
& uMbrbxc+nIs1TIKlA08rVi9ig/2Yh7LFrK5Ein57U/W72vgSxLhe/zhdfolT9Brn & uMbrbxc+nIs1TIKlA08rVi9ig/2Yh7LFrK5Ein57U/W72vgSxLhe/zhdfolT9Brn
& HOxEa44b+EI= & HOxEa44b+EI=
& =ndaj & =ndaj
& -----END PGP MESSAGE----- & -----END PGP MESSAGE-----
& &
& --bar-- & --bar--
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
--foo-- --foo--
(The text preceded by '&' indicates that it is really encrypted, but (The text preceded by '&' indicates that it is really encrypted, but
presented as text for clarity.) presented as text for clarity.)
6.2. Combined method 6.2. Combined method
The OpenPGP packet format [1] describes a method for signing and The OpenPGP packet format [1] describes a method for signing and
encrypting data in a single OpenPGP message. This method is allowed encrypting data in a single OpenPGP message. This method is allowed
in order to reduce processing overhead and increase compatibility in order to reduce processing overhead and increase compatibility
with non-MIME implementations of OpenPGP. The resulting data is with non-MIME implementations of OpenPGP. The resulting data is
formatted as a "multipart/encrypted" object as described in Section formatted as a "multipart/encrypted" object as described in Section
4. 4.
Messages which are encrypted and signed in this combined fashion are Messages which are encrypted and signed in this combined fashion are
REQUIRED to follow the same canonicalization rules as REQUIRED to follow the same canonicalization rules as
multipart/signed objects. multipart/signed objects.
It is explicitly allowed for an agent to decrypt a combined message It is explicitly allowed for an agent to decrypt a combined message
and rewrite it as a multipart/signed object using the signature data and rewrite it as a multipart/signed object using the signature data
embedded in the encrypted version. embedded in the encrypted version.
skipping to change at page 10, line 38 skipping to change at page 9, line 8
trailing white space in signed material. Implementations which trailing white space in signed material. Implementations which
choose to use signatures of canonical text documents will not be able choose to use signatures of canonical text documents will not be able
to detect the addition of whitespace in transit. to detect the addition of whitespace in transit.
See [3], [4] for more information on the security considerations See [3], [4] for more information on the security considerations
concerning the underlying protocols. concerning the underlying protocols.
9. IANA Considerations 9. IANA Considerations
This document defines three media types: "application/pgp-encrypted", This document defines three media types: "application/pgp-encrypted",
"application/pgp-signature" and "application/pgp-keys". The following "application/pgp-signature" and "application/pgp-keys". The
sections specify the IANA registrations for these types. following sections specify the IANA registrations for these types.
9.1. Registration of the application/pgp-encrypted media type 9.1. Registration of the application/pgp-encrypted media type
MIME media type name: application MIME media type name: application
MIME subtype name: pgp-encrypted MIME subtype name: pgp-encrypted
Required parameters: none Required parameters: none
Optional parameters: none Optional parameters: none
Encoding considerations: Encoding considerations:
skipping to change at page 13, line 24 skipping to change at page 12, line 12
Michael Elkins Michael Elkins
Email: me@cs.hmc.edu Email: me@cs.hmc.edu
10. Notes 10. Notes
"PGP" and "Pretty Good Privacy" are registered trademarks of Network "PGP" and "Pretty Good Privacy" are registered trademarks of Network
Associates, Inc. Associates, Inc.
11. Acknowledgements 11. Acknowledgements
This draft document relies on the work of the IETF's OpenPGP Working This document relies on the work of the IETF's OpenPGP Working
Group's definitions of the OpenPGP Message Format. The OpenPGP Group's definitions of the OpenPGP Message Format. The OpenPGP
message format is currently described in RFC 2440 [1]. message format is currently described in RFC 2440 [1].
Special thanks are due: to Philip Zimmermann for his original and Special thanks are due: to Philip Zimmermann for his original and
ongoing work on PGP; to Charles Breed, Jon Callas and Dave Del Torto ongoing work on PGP; to Charles Breed, Jon Callas and Dave Del Torto
for originally proposing the formation of the OpenPGP Working Group; for originally proposing the formation of the OpenPGP Working Group;
and to Steve Schoenfeld for helpful feedback during the draft and to Steve Schoenfeld for helpful feedback during the draft
process. The authors would also like to thank the engineers at Pretty process. The authors would also like to thank the engineers at
Good Privacy, Inc (now Network Associates, Inc), including Colin Pretty Good Privacy, Inc (now Network Associates, Inc), including
Plumb, Hal Finney, Jon Callas, Mark Elrod, Mark Weaver and Lloyd Colin Plumb, Hal Finney, Jon Callas, Mark Elrod, Mark Weaver and
Chambers, for their technical commentary. Lloyd Chambers, for their technical commentary.
Additional thanks are due to Jeff Schiller and Derek Atkins for their Additional thanks are due to Jeff Schiller and Derek Atkins for their
continuing support of strong cryptography and PGP freeware at MIT; to continuing support of strong cryptography and PGP freeware at MIT; to
Rodney Thayer of Sable Technology; to John Noerenberg, Steve Dorner Rodney Thayer of Sable Technology; to John Noerenberg, Steve Dorner
and Laurence Lundblade of the Eudora team at QUALCOMM, Inc; to Bodo and Laurence Lundblade of the Eudora team at QUALCOMM, Inc; to Bodo
Moeller for proposing the approach followed with respect to trailing Moeller for proposing the approach followed with respect to trailing
whitespace; to John Gilmore, Hugh Daniel and Fred Ringel (at whitespace; to John Gilmore, Hugh Daniel and Fred Ringel (at
Rivertown) and Ian Bell (at Turnpike) for their timely critical Rivertown) and Ian Bell (at Turnpike) for their timely critical
commentary; and to the international members of the IETF's OpenPGP commentary; and to the international members of the IETF's OpenPGP
mailing list, including William Geiger, Lutz Donnerhacke and Kazu mailing list, including William Geiger, Lutz Donnerhacke and Kazu
Yamamoto. The idea to use multipart/mixed with multipart/signed has Yamamoto. The idea to use multipart/mixed with multipart/signed has
been attributed to James Galvin. Finally, our gratitude is due to the been attributed to James Galvin. Finally, our gratitude is due to
many members of the "Cypherpunks," "Coderpunks" and "pgp-users" the many members of the "Cypherpunks," "Coderpunks" and "pgp-users"
<http://cryptorights.org/pgp-users> mailing lists and the many users <http://cryptorights.org/pgp-users> mailing lists and the many users
of PGP worldwide for helping keep the path to privacy open. of PGP worldwide for helping keep the path to privacy open.
12. Addresses of the Authors and OpenPGP Working Group Chair 12. Addresses of the Authors and OpenPGP Working Group Chair
The OpenPGP working group can be contacted via the current chair: The OpenPGP working group can be contacted via the current chair:
John W. Noerenberg II John W. Noerenberg II
Qualcomm, Inc. Qualcomm, Inc.
5775 Morehouse Dr. 5775 Morehouse Dr.
San Diego CA 92121 USA San Diego, CA 92121 USA
Tel: +1 619 658 3510
Email: jwn2@qualcomm.com
The principal authors of this draft are: Phone: +1 619 658 3510
EMail: jwn2@qualcomm.com
The principal authors of this document are:
Dave Del Torto Dave Del Torto
CryptoRights Foundation CryptoRights Foundation
80 Alviso Street, Mailstop: CRF 80 Alviso Street, Mailstop: CRF
San Francisco CA 94127 USA San Francisco, CA 94127 USA
Tel: +1.415.334.5533, vm: #2
Email: ddt@cryptorights.org, ddt@openpgp.net Phone: +1.415.334.5533, vm: #2
EMail: ddt@cryptorights.org, ddt@openpgp.net
Michael Elkins Michael Elkins
Network Associates, Inc. Network Associates, Inc.
3415 S. Sepulveda Blvd Suite 700 3415 S. Sepulveda Blvd Suite 700
Los Angeles CA 90034 USA Los Angeles, CA 90034 USA
Tel: +1.310.737.1663 Phone: +1.310.737.1663
Fax: +1.310.737.1755 Fax: +1.310.737.1755
Email: Michael_Elkins@nai.com, me@cs.hmc.edu Email: me@cs.hmc.edu, Michael_Elkins@NAI.com
Raph Levien Raph Levien
University of California at Berkeley University of California at Berkeley
579 Soda Hall 579 Soda Hall
Berkeley CA 94720 USA Berkeley, CA 94720 USA
Tel: +1.510.642.6509
Email: raph@acm.org Phone: +1.510.642.6509
EMail: raph@acm.org
Thomas Roessler Thomas Roessler
Nordstrasse 99 Nordstrasse 99
D-53111 Bonn D-53111 Bonn, Germany
Germany
Tel: +49-228-638007 Phone: +49-228-638007
Email: roessler@does-not-exist.org EMail: roessler@does-not-exist.org
References References
[1] Callas, J., Donnerhacke, L., Finney, H., Thayer, R., "OpenPGP [1] Callas, J., Donnerhacke, L., Finney, H. and R. Thayer, "OpenPGP
Message Format", RFC 2440, November 1998. Message Format", RFC 2440, November 1998.
[2] Galvin, J., Murphy, G., Crocker, S., and N. Freed, "Security [2] Galvin, J., Murphy, G., Crocker, S. and N. Freed, "Security
Multiparts for MIME: Multipart/Signed and Multipart/Encrypted", Multiparts for MIME: Multipart/Signed and Multipart/Encrypted",
RFC 1847, October 1995. RFC 1847, October 1995.
[3] Freed, N., Borenstein, N., "Multipurpose Internet Mail [3] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part Two: Media Types", RFC 2046, November Extensions (MIME) Part Two: Media Types", RFC 2046, November
1996 1996.
[4] Galvin, J., Murphy, G., Crocker, S., and N. Freed, "MIME Object [4] Galvin, J., Murphy, G., Crocker, S. and N. Freed, "MIME Object
Security Services", RFC 1848, October 1995. Security Services", RFC 1848, October 1995.
[5] Atkins, D., Stallings, W., and P. Zimmermann, "PGP Message [5] Atkins, D., Stallings, W. and P. Zimmermann, "PGP Message
Exchange Formats", RFC 1991, August 1996. Exchange Formats", RFC 1991, August 1996.
[6] Elkins, M., "MIME Security with Pretty Good Privacy (PGP)", RFC [6] Elkins, M., "MIME Security with Pretty Good Privacy (PGP)", RFC
2015, October 1996. 2015, October 1996.
[7] Freed, N., "Gateways and MIME Security Multiparts", RFC 2480, [7] Freed, N., "Gateways and MIME Security Multiparts", RFC 2480,
January 1999. January 1999.
Full Copyright Notice Full Copyright Statement
Copyright (C) The Internet Society 2001. All Rights Reserved. Copyright (C) The Internet Society (2001). All Rights Reserved.
This document and translations of it may be copied and furnished to This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of Internet organizations, except as needed for the purpose of
skipping to change at line 658 skipping to change at page 15, line 32
The limited permissions granted above are perpetual and will not be The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns. revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
 End of changes. 66 change blocks. 
190 lines changed or deleted 176 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/