0001
0002
0003
0004
0005
0006
0007
0008
0009
0010
0011
0012
0013
0014
0015
0016
0017
0018
0019
0020
0021
0022
0023
0024
0025
0026
0027
0028
0029
0030
0031
0032
0033
0034
0035
0036
0037
0038
0039
0040
0041
0042
0043
0044
0045
0046
0047
0048
0049
0050
0051
0052
0053
0054
0055
0056
0057
0058
0059
0060
0061
0062
0063
0064
0065
0066
0067
0068
0069
0070
0071
0072
0073
0074
0075
0076
0077
0078
0079
0080
0081
0082
0083
0084
0085
0086
0087
0088
0089
0090
0091
0092
0093
0094
0095
0096
0097
0098
0099
0100
0101
0102
0103
0104
0105
0106
0107
0108
0109
0110
0111
0112
0113
0114
0115
0116
0117
0118
0119
0120
0121
0122
0123
0124
0125
0126
0127
0128
0129
0130
0131
0132
0133
0134
0135
0136
0137
0138
0139
0140
0141
0142
0143
0144
0145
0146
0147
0148
0149
0150
0151
0152
0153
0154
0155
0156
0157
0158
0159
0160
0161
0162
0163
0164
0165
0166
0167
0168
0169
0170
0171
0172
0173
0174
0175
0176
0177
0178
0179
0180
0181
0182
0183
0184
0185
0186
0187
0188
0189
0190
0191
0192
0193
0194
0195
0196
0197
0198
0199
0200
0201
0202
0203
0204
0205
0206
0207
0208
0209
0210
0211
0212
0213
0214
0215
0216
0217
0218
0219
0220
0221
0222
0223
0224
0225
0226
0227
0228
0229
0230
0231
0232
0233
0234
0235
0236
0237
0238
0239
0240
0241
0242
0243
0244
0245
0246
0247
0248
0249
0250
0251
0252
0253
0254
0255
0256
0257
0258
0259
0260
0261
0262
0263
0264
0265
0266
0267
0268
0269
0270
0271
0272
0273
0274
0275
0276
0277
0278
0279
0280
0281
0282
0283
0284
0285
0286
0287
0288
0289
0290
0291
0292
0293
0294
0295
0296
0297
0298
0299
0300
0301
0302
0303
0304
0305
0306
0307
0308
0309
0310
0311
0312
0313
0314
0315
0316
0317
0318
0319
0320
0321
0322
0323
0324
0325
0326
0327
0328
0329
0330
0331
0332
0333
0334
0335
0336
0337
0338
0339
0340
0341
0342
0343
0344
0345
0346
0347
0348
0349
0350
0351
0352
0353
0354
0355
0356
0357
0358
0359
0360
0361
0362
0363
0364
0365
0366
0367
0368
0369
0370
0371
0372
0373
0374
0375
0376
0377
0378
0379
0380
0381
0382
0383
0384
0385
0386
0387
0388
0389
0390
0391
0392
0393
0394
0395
0396
0397
0398
0399
0400
0401
0402
0403
0404
0405
0406
0407
0408
0409
0410
0411
0412
0413
0414
0415
0416
0417
0418
0419
0420
0421
0422
0423
0424
0425
0426
0427
0428
0429
0430
0431
0432
0433
0434
0435
0436
0437
0438
0439
0440
0441
0442
0443
0444
0445
0446
0447
0448
0449
0450
0451
0452
0453
0454
0455
0456
0457
0458
0459
0460
0461
0462
0463
0464
0465
0466
0467
0468
0469
0470
0471
0472
0473
0474
0475
0476
0477
0478
0479
0480
0481
0482
0483
0484
0485
0486
0487
0488
0489
0490
0491
0492
0493
0494
0495
0496
0497
0498
0499
0500
0501
0502
0503
0504
0505
0506
0507
0508
0509
0510
0511
0512
0513
0514
0515
0516
0517
0518
0519
0520
0521
0522
0523
0524
0525
0526
0527
0528
0529
0530
0531
0532
0533
0534
0535
0536
0537
0538
0539
0540
0541
0542
0543
0544
0545
0546
0547
0548
0549
0550
0551
0552
0553
0554
0555
0556
0557
0558
0559
0560
0561
0562
0563
0564
0565
0566
0567
0568
0569
0570
0571
0572
0573
0574
0575
0576
0577
0578
0579
0580
0581
0582
0583
0584
0585
0586
0587
0588
0589
0590
0591
0592
0593
0594
0595
0596
0597
0598
0599
0600
0601
0602
0603
0604
0605
0606
0607
0608
0609
0610
0611
0612
0613
0614
0615
0616
0617
0618
0619
0620
0621
0622
0623
0624
0625
0626
0627
0628
0629
0630
0631
0632
0633
0634
0635
0636
0637
0638
0639
0640
0641
0642
0643
0644
0645
0646
0647
0648
0649
0650
0651
0652
0653
0654
0655
0656
0657
0658
0659
0660
0661
0662
0663
0664
0665
0666
0667
0668
0669
0670
0671
0672
0673
0674
0675
0676
0677
0678
0679
0680
0681
0682
0683
0684
0685
0686
0687
0688
0689
0690
0691
0692
0693
0694
0695
0696
0697
0698
0699
0700
0701
0702
0703
0704
0705
0706
0707
0708
Network Working Group                                          M. Elkins
Request for Comments: 3156                      Network Associates, Inc.
Updates: 2015                                               D. Del Torto
Category: Standards Track                        CryptoRights Foundation
                                                               R. Levien
                                    University of California at Berkeley
                                                             T. Roessler
                                                             August 2001

                       MIME Security with OpenPGP

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2001).  All Rights Reserved.

Abstract

   This document describes how the OpenPGP Message Format can be used to
   provide privacy and authentication using the Multipurpose Internet
   Mail Extensions (MIME) security content types described in RFC 1847.

1.  Introduction

   Work on integrating PGP (Pretty Good Privacy) with MIME [3]
   (including the since withdrawn "application/pgp" content type) prior
   to RFC 2015 suffered from a number of problems, the most significant
   of which is the inability to recover signed message bodies without
   parsing data structures specific to PGP.  RFC 2015 makes use of the
   elegant solution proposed in RFC 1847, which defines security
   multipart formats for MIME.  The security multiparts clearly separate
   the signed message body from the signature, and have a number of
   other desirable properties.  This document revises RFC 2015 to adopt
   the integration of PGP and MIME to the needs which emerged during the
   work on the OpenPGP specification.

   This document defines three content types for implementing security
   and privacy with OpenPGP: "application/pgp-encrypted",
   "application/pgp-signature" and "application/pgp-keys".

Elkins, et al.              Standards Track                     [Page 1]

RFC 3156               MIME Security with OpenPGP            August 2001

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119.

2.  OpenPGP data formats

   OpenPGP implementations can generate either ASCII armor (described in
   [1]) or 8-bit binary output when encrypting data, generating a
   digital signature, or extracting public key data.  The ASCII armor
   output is the REQUIRED method for data transfer.  This allows those
   users who do not have the means to interpret the formats described in
   this document to be able to extract and use the OpenPGP information
   in the message.

   When the amount of data to be transmitted requires that it be sent in
   many parts, the MIME message/partial mechanism SHOULD be used rather
   than the multi-part ASCII armor OpenPGP format.

3.  Content-Transfer-Encoding restrictions

   Multipart/signed and multipart/encrypted are to be treated by agents
   as opaque, meaning that the data is not to be altered in any way [2],
   [7].  However, many existing mail gateways will detect if the next
   hop does not support MIME or 8-bit data and perform conversion to
   either Quoted-Printable or Base64.  This presents serious problems
   for multipart/signed, in particular, where the signature is
   invalidated when such an operation occurs.  For this reason all data
   signed according to this protocol MUST be constrained to 7 bits (8-
   bit data MUST be encoded using either Quoted-Printable or Base64).
   Note that this also includes the case where a signed object is also
   encrypted (see section 6).  This restriction will increase the
   likelihood that the signature will be valid upon receipt.

   Additionally, implementations MUST make sure that no trailing
   whitespace is present after the MIME encoding has been applied.

      Note: In most cases, trailing whitespace can either be removed, or
      protected by applying an appropriate content-transfer-encoding.
      However, special care must be taken when any header lines - either
      in MIME entity headers, or in embedded RFC 822 headers - are
      present which only consist of whitespace: Such lines must be
      removed entirely, since replacing them by empty lines would turn
      them into header delimiters, and change the semantics of the
      message.  The restrictions on whitespace are necessary in order to
      make the hash calculated invariant under the text and binary mode
      signature mechanisms provided by OpenPGP [1].  Also, they help to
      avoid compatibility problems with PGP implementations which
      predate the OpenPGP specification.

Elkins, et al.              Standards Track                     [Page 2]

RFC 3156               MIME Security with OpenPGP            August 2001

      Note: If any line begins with the string "From ", it is strongly
      suggested that either the Quoted-Printable or Base64 MIME encoding
      be applied.  If Quoted-Printable is used, at least one of the
      characters in the string should be encoded using the hexadecimal
      coding rule.  This is because many mail transfer and delivery
      agents treat "From " (the word "from" followed immediately by a
      space character) as the start of a new message and thus insert a
      right angle-bracket (>) in front of any line beginning with
      "From " to distinguish this case, invalidating the signature.

   Data that is ONLY to be encrypted is allowed to contain 8-bit
   characters and trailing whitespace and therefore need not undergo the
   conversion to a 7bit format, and the stripping of whitespace.

      Implementor's note: It cannot be stressed enough that applications
      using this standard follow MIME's suggestion that you "be
      conservative in what you generate, and liberal in what you
      accept."  In this particular case it means it would be wise for an
      implementation to accept messages with any content-transfer-
      encoding, but restrict generation to the 7-bit format required by
      this memo.  This will allow future compatibility in the event the
      Internet SMTP framework becomes 8-bit friendly.

4.  OpenPGP encrypted data

   Before OpenPGP encryption, the data is written in MIME canonical
   format (body and headers).

   OpenPGP encrypted data is denoted by the "multipart/encrypted"
   content type, described in [2], and MUST have a "protocol" parameter
   value of "application/pgp-encrypted".  Note that the value of the
   parameter MUST be enclosed in quotes.

   The multipart/encrypted MIME body MUST consist of exactly two body
   parts, the first with content type "application/pgp-encrypted".  This
   body contains the control information.  A message complying with this
   standard MUST contain a "Version: 1" field in this body.  Since the
   OpenPGP packet format contains all other information necessary for
   decrypting, no other information is required here.

   The second MIME body part MUST contain the actual encrypted data.  It
   MUST be labeled with a content type of "application/octet-stream".

   Example message:

      From: Michael Elkins <elkins@aero.org>
      To: Michael Elkins <elkins@aero.org>
      Mime-Version: 1.0

Elkins, et al.              Standards Track                     [Page 3]

RFC 3156               MIME Security with OpenPGP            August 2001

      Content-Type: multipart/encrypted; boundary=foo;
         protocol="application/pgp-encrypted"

      --foo
      Content-Type: application/pgp-encrypted

      Version: 1

      --foo
      Content-Type: application/octet-stream

      -----BEGIN PGP MESSAGE-----
      Version: 2.6.2

      hIwDY32hYGCE8MkBA/wOu7d45aUxF4Q0RKJprD3v5Z9K1YcRJ2fve87lMlDlx4Oj
      eW4GDdBfLbJE7VUpp13N19GL8e/AqbyyjHH4aS0YoTk10QQ9nnRvjY8nZL3MPXSZ
      g9VGQxFeGqzykzmykU6A26MSMexR4ApeeON6xzZWfo+0yOqAq6lb46wsvldZ96YA
      AABH78hyX7YX4uT1tNCWEIIBoqqvCeIMpp7UQ2IzBrXg6GtukS8NxbukLeamqVW3
      1yt21DYOjuLzcMNe/JNsD9vDVCvOOG3OCi8=
      =zzaA
      -----END PGP MESSAGE-----

      --foo--

5.  OpenPGP signed data

   OpenPGP signed messages are denoted by the "multipart/signed" content
   type, described in [2], with a "protocol" parameter which MUST have a
   value of "application/pgp-signature" (MUST be quoted).

   The "micalg" parameter for the "application/pgp-signature" protocol
   MUST contain exactly one hash-symbol of the format "pgp-<hash-
   identifier>", where <hash-identifier> identifies the Message
   Integrity Check (MIC) algorithm used to generate the signature.
   Hash-symbols are constructed from the text names registered in [1] or
   according to the mechanism defined in that document by converting the
   text name to lower case and prefixing it with the four characters
   "pgp-".

   Currently defined values are "pgp-md5", "pgp-sha1", "pgp-ripemd160",
   "pgp-md2", "pgp-tiger192", and "pgp-haval-5-160".

   The multipart/signed body MUST consist of exactly two parts.  The
   first part contains the signed data in MIME canonical format,
   including a set of appropriate content headers describing the data.

   The second body MUST contain the OpenPGP digital signature.  It MUST
   be labeled with a content type of "application/pgp-signature".

Elkins, et al.              Standards Track                     [Page 4]

RFC 3156               MIME Security with OpenPGP            August 2001

      Note: Implementations can either generate "signatures of a
      canonical text document" or "signatures of a binary document", as
      defined in [1].  The restrictions on the signed material put forth
      in section 3 and in this section will make sure that the various
      MIC algorithm variants specified in [1] and [5] will all produce
      the same result.

   When the OpenPGP digital signature is generated:

   (1)   The data to be signed MUST first be converted to its content-
         type specific canonical form.  For text/plain, this means
         conversion to an appropriate character set and conversion of
         line endings to the canonical <CR><LF> sequence.

   (2)   An appropriate Content-Transfer-Encoding is then applied; see
         section 3.  In particular, line endings in the encoded data
         MUST use the canonical <CR><LF> sequence where appropriate
         (note that the canonical line ending may or may not be present
         on the last line of encoded data and MUST NOT be included in
         the signature if absent).

   (3)   MIME content headers are then added to the body, each ending
         with the canonical <CR><LF> sequence.

   (4)   As described in section 3 of this document, any trailing
         whitespace MUST then be removed from the signed material.

   (5)   As described in [2], the digital signature MUST be calculated
         over both the data to be signed and its set of content headers.

   (6)   The signature MUST be generated detached from the signed data
         so that the process does not alter the signed data in any way.

      Note: The accepted OpenPGP convention is for signed data to end
      with a <CR><LF> sequence.  Note that the <CR><LF> sequence
      immediately preceding a MIME boundary delimiter line is considered
      to be part of the delimiter in [3], 5.1.  Thus, it is not part of
      the signed data preceding the delimiter line.  An implementation
      which elects to adhere to the OpenPGP convention has to make sure
      it inserts a <CR><LF> pair on the last line of the data to be
      signed and transmitted (signed message and transmitted message
      MUST be identical).

   Example message:

         From: Michael Elkins <elkins@aero.org>
         To: Michael Elkins <elkins@aero.org>
         Mime-Version: 1.0

Elkins, et al.              Standards Track                     [Page 5]

RFC 3156               MIME Security with OpenPGP            August 2001

         Content-Type: multipart/signed; boundary=bar; micalg=pgp-md5;
           protocol="application/pgp-signature"

         --bar
      & Content-Type: text/plain; charset=iso-8859-1
      & Content-Transfer-Encoding: quoted-printable
      &
      & =A1Hola!
      &
      & Did you know that talking to yourself is a sign of senility?
      &
      & It's generally a good idea to encode lines that begin with
      & From=20because some mail transport agents will insert a greater-
      & than (>) sign, thus invalidating the signature.
      &
      & Also, in some cases it might be desirable to encode any   =20
      & trailing whitespace that occurs on lines in order to ensure  =20
      & that the message signature is not invalidated when passing =20
      & a gateway that modifies such whitespace (like BITNET). =20
      &
      & me

      --bar

      Content-Type: application/pgp-signature

      -----BEGIN PGP MESSAGE-----
      Version: 2.6.2

      iQCVAwUBMJrRF2N9oWBghPDJAQE9UQQAtl7LuRVndBjrk4EqYBIb3h5QXIX/LC//
      jJV5bNvkZIGPIcEmI5iFd9boEgvpirHtIREEqLQRkYNoBActFBZmh9GC3C041WGq
      uMbrbxc+nIs1TIKlA08rVi9ig/2Yh7LFrK5Ein57U/W72vgSxLhe/zhdfolT9Brn
      HOxEa44b+EI=
      =ndaj
      -----END PGP MESSAGE-----

      --bar--

   The "&"s in the previous example indicate the portion of the data
   over which the signature was calculated.

   Upon receipt of a signed message, an application MUST:

   (1)   Convert line endings to the canonical <CR><LF> sequence before
         the signature can be verified.  This is necessary since the
         local MTA may have converted to a local end of line convention.

Elkins, et al.              Standards Track                     [Page 6]

RFC 3156               MIME Security with OpenPGP            August 2001

   (2)   Pass both the signed data and its associated content headers
         along with the OpenPGP signature to the signature verification
         service.

6.  Encrypted and Signed Data

   Sometimes it is desirable to both digitally sign and then encrypt a
   message to be sent.  This protocol allows for two methods of
   accomplishing this task.

6.1.  RFC 1847 Encapsulation

   In [2], it is stated that the data is first signed as a
   multipart/signature body, and then encrypted to form the final
   multipart/encrypted body.  This is most useful for standard MIME-
   compliant message forwarding.

   Example:

         Content-Type: multipart/encrypted;
            protocol="application/pgp-encrypted"; boundary=foo

         --foo
         Content-Type: application/pgp-encrypted

         Version: 1

         --foo
         Content-Type: application/octet-stream

         -----BEGIN PGP MESSAGE-----
      & Content-Type: multipart/signed; micalg=pgp-md5
      &     protocol="application/pgp-signature"; boundary=bar
      &
      & --bar
      & Content-Type: text/plain; charset=us-ascii
      &
      & This message was first signed, and then encrypted.
      &
      & --bar
      & Content-Type: application/pgp-signature
      &
      & -----BEGIN PGP MESSAGE-----
      & Version: 2.6.2
      &
      & iQCVAwUBMJrRF2N9oWBghPDJAQE9UQQAtl7LuRVndBjrk4EqYBIb3h5QXIX/LC//
      & jJV5bNvkZIGPIcEmI5iFd9boEgvpirHtIREEqLQRkYNoBActFBZmh9GC3C041WGq
      & uMbrbxc+nIs1TIKlA08rVi9ig/2Yh7LFrK5Ein57U/W72vgSxLhe/zhdfolT9Brn

Elkins, et al.              Standards Track                     [Page 7]

RFC 3156               MIME Security with OpenPGP            August 2001

      & HOxEa44b+EI=
      & =ndaj
      & -----END PGP MESSAGE-----
      &
      & --bar--
        -----END PGP MESSAGE-----

        --foo--

   (The text preceded by '&' indicates that it is really encrypted, but
   presented as text for clarity.)

6.2.  Combined method

   The OpenPGP packet format [1] describes a method for signing and
   encrypting data in a single OpenPGP message.  This method is allowed
   in order to reduce processing overhead and increase compatibility
   with non-MIME implementations of OpenPGP.  The resulting data is
   formatted as a "multipart/encrypted" object as described in Section
   4.

   Messages which are encrypted and signed in this combined fashion are
   REQUIRED to follow the same canonicalization rules as
   multipart/signed objects.

   It is explicitly allowed for an agent to decrypt a combined message
   and rewrite it as a multipart/signed object using the signature data
   embedded in the encrypted version.

7.  Distribution of OpenPGP public keys

   Content-Type: application/pgp-keys
   Required parameters: none
   Optional parameters: none

   A MIME body part of the content type "application/pgp-keys" contains
   ASCII-armored transferable Public Key Packets as defined in [1],
   section 10.1.

8.  Security Considerations

   Signatures of a canonical text document as defined in [1] ignore
   trailing white space in signed material.  Implementations which
   choose to use signatures of canonical text documents will not be able
   to detect the addition of whitespace in transit.

   See [3], [4] for more information on the security considerations
   concerning the underlying protocols.

Elkins, et al.              Standards Track                     [Page 8]

RFC 3156               MIME Security with OpenPGP            August 2001

9.  IANA Considerations

   This document defines three media types: "application/pgp-encrypted",
   "application/pgp-signature" and "application/pgp-keys".  The
   following sections specify the IANA registrations for these types.

9.1.  Registration of the application/pgp-encrypted media type

   MIME media type name: application
   MIME subtype name: pgp-encrypted
   Required parameters: none
   Optional parameters: none

   Encoding considerations:

      Currently this media type always consists of a single 7bit text
      string.

   Security considerations:

      See Section 8 and RFC 2440 Section 13.

   Interoperability considerations: none

   Published specification:

      This document.

   Additional information:

      Magic number(s): none
      File extension(s): none
      Macintosh File Type Code(s): none

   Person & email address to contact for further information:

      Michael Elkins
      Email: me@cs.hmc.edu

   Intended usage: common

   Author/Change controller:

      Michael Elkins
      Email: me@cs.hmc.edu

Elkins, et al.              Standards Track                     [Page 9]

RFC 3156               MIME Security with OpenPGP            August 2001

9.2.  Registration of the application/pgp-signature media type

   MIME media type name: application
   MIME subtype name: pgp-signature
   Required parameters: none
   Optional parameters: none

   Encoding considerations:

      The content of this media type always consists of 7bit text.

   Security considerations:

      See Section 8 and RFC 2440 Section 13.

   Interoperability considerations: none

   Published specification:

      RFC 2440 and this document.

   Additional information:

      Magic number(s): none
      File extension(s): asc, sig
      Macintosh File Type Code(s): pgDS

   Person & email address to contact for further information:

      Michael Elkins
      Email: me@cs.hmc.edu

   Intended usage: common

   Author/Change controller:

      Michael Elkins
      Email: me@cs.hmc.edu

9.3.  Registration of the application/pgp-keys media type

   MIME media type name: application
   MIME subtype name: pgp-keys
   Required parameters: none
   Optional parameters: none

Elkins, et al.              Standards Track                    [Page 10]

RFC 3156               MIME Security with OpenPGP            August 2001

   Encoding considerations:

      The content of this media type always consists of 7bit text.

   Security considerations:

      See Section 8 and RFC 2440 Section 13.

   Interoperability considerations: none

   Published specification:

      RFC 2440 and this document.

   Additional information:

      Magic number(s): none
      File extension(s): asc
      Macintosh File Type Code(s): none

   Person & email address to contact for further information:

      Michael Elkins
      Email: me@cs.hmc.edu

   Intended usage: common

   Author/Change controller:

      Michael Elkins
      Email: me@cs.hmc.edu

Elkins, et al.              Standards Track                    [Page 11]

RFC 3156               MIME Security with OpenPGP            August 2001

10.  Notes

   "PGP" and "Pretty Good Privacy" are registered trademarks of Network
   Associates, Inc.

11.  Acknowledgements

   This document relies on the work of the IETF's OpenPGP Working
   Group's definitions of the OpenPGP Message Format.  The OpenPGP
   message format is currently described in RFC 2440 [1].

   Special thanks are due: to Philip Zimmermann for his original and
   ongoing work on PGP; to Charles Breed, Jon Callas and Dave Del Torto
   for originally proposing the formation of the OpenPGP Working Group;
   and to Steve Schoenfeld for helpful feedback during the draft
   process.  The authors would also like to thank the engineers at
   Pretty Good Privacy, Inc (now Network Associates, Inc), including
   Colin Plumb, Hal Finney, Jon Callas, Mark Elrod, Mark Weaver and
   Lloyd Chambers, for their technical commentary.

   Additional thanks are due to Jeff Schiller and Derek Atkins for their
   continuing support of strong cryptography and PGP freeware at MIT; to
   Rodney Thayer of Sable Technology; to John Noerenberg, Steve Dorner
   and Laurence Lundblade of the Eudora team at QUALCOMM, Inc; to Bodo
   Moeller for proposing the approach followed with respect to trailing
   whitespace; to John Gilmore, Hugh Daniel and Fred Ringel (at
   Rivertown) and Ian Bell (at Turnpike) for their timely critical
   commentary; and to the international members of the IETF's OpenPGP
   mailing list, including William Geiger, Lutz Donnerhacke and Kazu
   Yamamoto.  The idea to use multipart/mixed with multipart/signed has
   been attributed to James Galvin.  Finally, our gratitude is due to
   the many members of the "Cypherpunks," "Coderpunks" and "pgp-users"
   <http://cryptorights.org/pgp-users> mailing lists and the many users
   of PGP worldwide for helping keep the path to privacy open.

Elkins, et al.              Standards Track                    [Page 12]

RFC 3156               MIME Security with OpenPGP            August 2001

12.  Addresses of the Authors and OpenPGP Working Group Chair

   The OpenPGP working group can be contacted via the current chair:

   John W. Noerenberg II
   Qualcomm, Inc.
   5775 Morehouse Dr.
   San Diego, CA 92121 USA

   Phone: +1 619 658 3510
   EMail: jwn2@qualcomm.com

   The principal authors of this document are:

   Dave Del Torto
   CryptoRights Foundation
   80 Alviso Street, Mailstop: CRF
   San Francisco, CA 94127 USA

   Phone: +1.415.334.5533, vm: #2
   EMail: ddt@cryptorights.org, ddt@openpgp.net

   Michael Elkins
   Network Associates, Inc.
   3415 S. Sepulveda Blvd Suite 700
   Los Angeles, CA 90034 USA

   Phone: +1.310.737.1663
   Fax:   +1.310.737.1755
   Email: me@cs.hmc.edu, Michael_Elkins@NAI.com

   Raph Levien
   University of California at Berkeley
   579 Soda Hall
   Berkeley, CA 94720 USA

   Phone: +1.510.642.6509
   EMail: raph@acm.org

   Thomas Roessler
   Nordstrasse 99
   D-53111 Bonn, Germany

   Phone: +49-228-638007
   EMail: roessler@does-not-exist.org

Elkins, et al.              Standards Track                    [Page 13]

RFC 3156               MIME Security with OpenPGP            August 2001

References

   [1]   Callas, J., Donnerhacke, L., Finney, H. and R. Thayer, "OpenPGP
         Message Format", RFC 2440, November 1998.

   [2]   Galvin, J., Murphy, G., Crocker, S. and N. Freed, "Security
         Multiparts for MIME: Multipart/Signed and Multipart/Encrypted",
         RFC 1847, October 1995.

   [3]   Freed, N. and N. Borenstein, "Multipurpose Internet Mail
         Extensions (MIME) Part Two: Media Types", RFC 2046, November
         1996.

   [4]   Galvin, J., Murphy, G., Crocker, S. and N. Freed, "MIME Object
         Security Services", RFC 1848, October 1995.

   [5]   Atkins, D., Stallings, W. and P. Zimmermann, "PGP Message
         Exchange Formats", RFC 1991, August 1996.

   [6]   Elkins, M., "MIME Security with Pretty Good Privacy (PGP)", RFC
         2015, October 1996.

   [7]   Freed, N., "Gateways and MIME Security Multiparts", RFC 2480,
         January 1999.

Elkins, et al.              Standards Track                    [Page 14]

RFC 3156               MIME Security with OpenPGP            August 2001

Full Copyright Statement

   Copyright (C) The Internet Society (2001).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.

Elkins, et al.              Standards Track                    [Page 15]

Search by Algolia