[pkg-gnupg-maint] pgpcontrol/pgpverify and header protection [was: Re: What do we do about GnuPG 1.4 in debian? ]

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat May 21 05:29:39 BST 2022


Hi Russ--

Thanks for this review here.

On Sat 2022-04-30 11:42:32 -0700, Russ Allbery wrote:
> [1] https://www.eyrie.org/~eagle/usefor/other/pgpverify
>     I kept meaning to write an RFC but never got around to it.

This is very interesting, i'm not sure why i haven't read it before.  I
hope to reference it as other known work in the next revision of
draft-ietf-lamps-header-protection, so that there's at least an
informative pointer in some IETF doc:

https://gitlab.com/dkg/lamps-header-protection/-/commit/c3ec0ba4e32f11fbb79cf444b7cbf4af25fb6645

If you think there's any chance that Usenet folks are willing to switch
to MIME-compliant message signing, i'd very much appreciate review on
the header protection mechanism in that draft.

    --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20220521/51afb683/attachment-0001.sig>


More information about the pkg-gnupg-maint mailing list