[dev] PGP Updates

Michael M Slusarz slusarz@bigworm.colorado.edu
Sun, 21 Apr 2002 21:00:04 -0600


Yuck.  After further analysis, it appears that RFC 1847 is NOT what we 
should be striving for - 1847 is a generic framework for secure MIME 
messages.  For PGP messages there is an additional, more specific RFC - RFC 
2015:

http://www.ietf.org/rfc/rfc2015.txt

Specifically, certain content-type parameters need to be sent ('protocol' 
and 'micalg'), and it lists the content-types for each specific MIME part.  
I have gone ahead and made these changes:

http://bigworm.colorado.edu/imp-patches/pgp/diffs/rfc2015.diff.txt

WARNING - this code correctly sets up the MIME messages except that the 
micalg (MIC algorithm) parameter is NOT currently set up correctly for 
signed messages.  It really sucks - gnupg will not tell you what hashing 
algorithm it has used so you have to physically go in and analyze the 
signature data block packet by packet to determine the hashing algorithm, 
which is REQUIRED by the RFC (I determined this by looking at mutt source 
code).  The worst part about this is that there are only two hashing 
algorithms normally used for signatures - pgp-md5 and pgp-sha1.  And, as far 
as I can tell, pgp-sha1 is used 99% of the time (it is the only algorithm 
required for RFC compliance).  However, I realize you can never assume 
anything, and it would be great if IMP was fully compliant with the RFC.  
Since I am not very good at manipulating binary data, this does not 
currently work.  Anyone want to help me?

Additionally, IMP will not read this message format correctly as of right 
now - this also needs to be worked on.  Mainly, I just wanted to show what 
code I have done so far so we can figure out what needs to be done next.

michael

______________________________________________
Michael Slusarz [slusarz@bigworm.colorado.edu]
The University of Colorado at Boulder
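
Added example, not part of the original message and not IMP or mutt code: one way to recover the hash algorithm for `micalg` by reading the first packet of an ASCII-armored detached signature, which is the packet-level analysis the message describes. The function names, the `MICALG` entries beyond pgp-md5 and pgp-sha1, and the sample signature are assumptions made for this illustration; the byte offsets follow the OpenPGP v3/v4 signature packet layout.

```python
import base64

# OpenPGP hash IDs -> micalg. The mail names pgp-md5/pgp-sha1; the rest are assumed extras.
MICALG = {1: "pgp-md5", 2: "pgp-sha1", 3: "pgp-ripemd160", 8: "pgp-sha256"}

def dearmor(text):
    lines = [l.strip() for l in text.strip().splitlines()]
    if "" not in lines or not lines[0].startswith("-----BEGIN PGP SIGNATURE"):
        raise ValueError("not an armored PGP signature")
    # Armor headers end at the blank line; drop the CRC ("=") and END ("-") lines.
    b64 = "".join(l for l in lines[lines.index("") + 1:] if not l.startswith(("=", "-")))
    return base64.b64decode(b64)

def first_packet(data):
    if len(data) < 6 or not data[0] & 0x80:
        raise ValueError("too short or not an OpenPGP packet")
    if data[0] & 0x40:                          # new-format header
        tag, l0 = data[0] & 0x3F, data[1]
        if l0 < 192:
            start, length = 2, l0
        elif l0 < 224:
            start, length = 3, ((l0 - 192) << 8) + data[2] + 192
        elif l0 == 255:
            start, length = 6, int.from_bytes(data[2:6], "big")
        else:
            raise ValueError("partial body lengths are not valid for signatures")
    else:                                       # old-format header
        tag, n = (data[0] >> 2) & 0x0F, 1 << (data[0] & 3)
        if n == 8:
            raise ValueError("indeterminate length not supported")
        start, length = 1 + n, int.from_bytes(data[1:1 + n], "big")
    if len(data) < start + length:
        raise ValueError("truncated packet")
    return tag, data[start:start + length]

def micalg_for(text):
    tag, body = first_packet(dearmor(text))
    # v3 body: version, 5, type, time(4), key id(8), pubkey alg, hash alg
    # v4 body: version, type, pubkey alg, hash alg
    offset = {3: 16, 4: 3}.get(body[0]) if body else None
    if tag != 2 or offset is None or len(body) <= offset:
        raise ValueError("no usable v3/v4 signature packet")
    return MICALG[body[offset]]   # KeyError if the hash has no name in MICALG

# Constructed sample: start of a v4 signature packet, no MPIs, not verifiable.
SAMPLE = """-----BEGIN PGP SIGNATURE-----
Version: constructed-sample

iAoEAAECAAAAAKvN
-----END PGP SIGNATURE-----"""
```

`micalg_for(SAMPLE)` returns the value to place in the `micalg` parameter of the multipart/signed Content-Type header; the armor CRC and the signature itself are not checked here.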