Mutt/GnuPG doc initial release

Owen Blacker owen@flirble.org
Mon Sep 24 11:26:02 2001 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Werner Koch wrote (2001-09-24 T 09:52 +0200):

>

> > Frankly, it's poor netiquette to post PGP/MIME messages to mailing

> > lists,

>

> I think this is a pretty U.S.centric position.  Using ASCII armor

> you have to stick to Latin-1 so that most clients are able to

> understand it.  Well, you can specify a different character set but

> in this case your MUA is already MIME aware.  So there is no point

> in that.


With respect, I disagree.  As a Brit.  :)


> Furthermore, it is not possible to send signed or encrypted

> attachments using ASCII armor.  Or should we go back to uuencode?

> MIME is around for so many years and the 5 years old rfc2045-47 are

> in draft standard status.  The original MIME RFC is even older than

> PGP 2.


But if you're already attaching something, then use an
application/pgp-signature attachment.  If you're sending a message that,
if unsigned, would ~not~ be multipart/mixed, then don't make it so by
signing it.

I've always considered that a mail in text/plain should be clearsigned
in ASCII armor, to maintain it as text/plain.  Any attachments that you
want signed can, of course, be signed with a separate attachment of a
"detached signature", armored or not.


> > An important part of any GnuPG/Mutt FAQ would be instructions on

> > how to configure Mutt to make compatible OpenPGP signatures in the

> > traditional method. (No, this does not mean the broken

> > Application/PGP method

>

> Rember the golden rule of internet standards?  Mutt and most other

> recent MUAs do exactly this.  The only MUA _I_know_ which has

> problems with OpenPGP-MIME is Outlook.


But application/pgp-signature attachments are not backwards compatible.
And they are not parsable in any of the mail clients I've ever chosen
(or been forced) to use, viz pine, The Bat!, Outlook (97, 98, 2000,
2002), Outlook Express or webmail.  Even with webmail and the PGPtray
utility (for example), you can decrypt and verify an ASCII armored
signature.

My two penn'eth...  :o)


O x
- -- 
Owen Blacker | Senior Software Developer and InfoSecurity Consultant
See http://www.owens-place.org.uk/pgp.html -- more about my PGP keys
Sig  0x3e2056b9 | 18cd 92aa 32aa 81b9 f5e8  c520 6475 6239 3e20 56b9
- --
They that can give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety --Benjamin Franklin, 1759

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7rvu1ZHViOT4gVrkRAg5JAKDIA1sCfyC2gt/UyyhFXVI01Lv54QCgof9l
RjDFLwUgsO1T3986tdWP3XY=
=8gid
-----END PGP SIGNATURE-----