Mutt/GnuPG doc initial release

Horacio homega@wanadoo.es
Mon Sep 24 12:30:02 2001


On Sun, Sep 23, 2001 at 09:53:37PM -0700, Len Sassaman wrote:

> >From the document:
>=20
> "The outdated standard for making attached signatures was
> to paste it at the bottom of the message, but the new
> standard involves an actual MIME attachment to the message.
> Regardless, Mutt can verify either style."
>=20
> This is not correct. The only people who refer to the
> inline ASCII-armored signatures as "outdated" are the Mutt
> developers. Read the RFCs.
I belive they refer to it as *old* rather than *outdated* or *obsolete*. There is a slight difference imho. If you complain about mutt not offering an easier (rather more obvious) way to deal with text/pgp, then fine. But there is nothing wrong with them favouring pgp/mime.
> Frankly, it's poor netiquette to post PGP/MIME messages to
> mailing lists, for one, and secondly, most mail clients
> cannot understand them. Signing your messages in a way that
> renders the signature useless for most PGP users serves no
> purpose whatsoever.
"most mail clients ..."=20 command line 'mail' comes to my mind, but then it doesn=B4t understand ascii/pgp either :) Some mailing lists I subscribe to filter messages with demime to strip any mime attachement before distributin it (all OpenBSD mailing list but one). I agree that mime attachments to mailing lists are a nuisance. Any pgp signature, be it pgp/mime or ascii-armored|application/pgp, should not be included in a post to a mailing list unless it is utterly important to confirm the authory of the message. Sadly, it is up to individuals to learn good net manners and to decide.
> Inline ASCII-armoring is the standard method for signing
> email. It is also the only method directly specified in RFC
> 2440.
>=20
> An important part of any GnuPG/Mutt FAQ would be
> instructions on how to configure Mutt to make compatible
> OpenPGP signatures in the traditional method. (No, this
> does not mean the broken Application/PGP method that Mutt
> offers!)
In what sense is app/pgp broken? (just asking).
> (This is not to say I don't recognise the value of PGP/MIME
> (and the new OpenPGP/MIME.) But crypto is worthless if it
> doesn't interoperate.
Then, this might be an argument for considering mail clients with no pgp/mime capabilities as broken cryptowise.
> When the majority of PGP-aware mail apps can understand
> PGP/MIME, then I'll advocate switching for non-mailing list
> email.)
No need to go overboard, just to apply a demime filter. A better (ideal) choice would be to educate people, but that=B4s a chimera right now. Regards, --=20 Horacio