PGP/MIME considered harmful for mobile
kloecker at kde.org
Tue Mar 1 22:20:52 CET 2011
On Sunday 27 February 2011, Doug Barton wrote:
> On 02/27/2011 02:04, Ingo Klöcker wrote:
> > On Saturday, February 26, 2011, MFPA wrote:
> >> Hi
> >> On Friday 25 February 2011 at 1:45:03 AM, in
> >> <mid:87lj14x4yo.fsf at servo.finestructure.net>, Jameson Rollins
> >>> Yikes! I thought we were almost done killing inline
> >>> signatures! Don't revive it now!
> >>> If PGP/MIME is broken on android, we need to get them
> >>> to fix it, not go backwards to inline pgp.
> >> Using inline PGP signatures means using the simpler and more
> >> reliable of the two solutions. The fact that its specification
> >> was defined earlier does not mean using inline signatures is a
> >> step backwards; PGP/MIME is a complement to pgp inline, not a
> >> replacement.
> > The major problem I see with using cleartext signatures in email is
> > the lack for support of non-ASCII text (or, more precisely,
> > character encoding).
> Can you provide examples that do not work when both the mail
> client(s) and gnupg are properly configured to use UTF-8?
No, sorry. I haven't been using inline PGP signatures for ages and
neither do most of the people I exchange emails with. Therefore I cannot
provide real world examples.
Back when I was still using inline PGP signatures I regularly got
replies with a full quote of my inline-signed message where the
signature on the quoted message was broken. You might say that it's not
relevant because it's just a quote. But I say it is very relevant if
such a reply is forwarded to a third party. And also if it isn't
forwarded a bad signature is still highly irritating (at least to me).
Of course, my experience is from a time when UTF-8 wasn't used in email.
But do the standard mail clients (Outlook, GMail, Thunderbird) really
default to UTF-8 nowadays? Expecting people to properly configure their
mail clients is an unrealistic dream.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 198 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users