S/MIME or PGP/MIME?

[Simon Josefsson]

Martin Christensen <factotum@gvdnet.dk> writes:

> --=-=-=
> Content-Transfer-Encoding: quoted-printable

Hm, your message was garbled, it was flagged as text/plain instead of
multipart/signed.

>>>>>> "Simon" =3D=3D Simon Josefsson <jas@extundo.com> writes:
>>> I'm not sure if this is one of those questions that only have
>>> religious answers, but which of S/MIME and PGP/MIME should be used?
> Simon> Both are widely used.  Use whatever you like most, or whichever
> Simon> is used by the people you communicate with.
>
> Hmm... I'm mostly concerned about what's readable elsewhere.
>
> I've discovered what's probably slightly buggy behaviour in Oort Gnus:
> the plain-text part of a PGP/MIME or S/MIME message doesn't have a
> 'Content-Type: text/plain', as should probably be expected.

Not really, text/plain is the default type unless you specify one,
according to the MIME specs.

> I've had a look at the source, but haven't been able to properly
> find the root of this behaviour yet. This might be the explanation
> for why I've received some complaints that my messages show up as
> attachments.

I think the reason is that Outlook does not support RFC 1847 and such
messages show up as attachments.

> Simon> I don't understand, S/MIME is a spec similar to PGP/MIME.  If
> Simon> you are looking for a implementation of S/MIME, there are
> Simon> several, of which Mozilla NSS and OpenSSL are free resp open
> Simon> source.
>
> Obviously, but it's difficult to find any sobre information about why
> two specs exist and what the difference is.

S/MIME is based on PKCS#7/CMS while PGP/MIME is based on OpenPGP.  The
reason there are two are that they was developed in parallel with
different design goals.  There are maybe 5 more to choice from if you
want to confuse things further as well, but I'd guess that over 80 %
of encrypted or signed email uses PGP, S/MIME or PGP/MIME.  (In order
of popularity as perceived by me.)