Mutt/GnuPG doc initial release
Mon Sep 24 12:30:02 2001
On Sun, Sep 23, 2001 at 09:53:37PM -0700, Len Sassaman wrote:
> >From the document:
> "The outdated standard for making attached signatures was
> to paste it at the bottom of the message, but the new
> standard involves an actual MIME attachment to the message.
> Regardless, Mutt can verify either style."
> This is not correct. The only people who refer to the
> inline ASCII-armored signatures as "outdated" are the Mutt
> developers. Read the RFCs.
I belive they refer to it as *old* rather than *outdated* or
*obsolete*. There is a slight difference imho.
If you complain about mutt not offering an easier (rather
more obvious) way to deal with text/pgp, then fine. But
there is nothing wrong with them favouring pgp/mime.
> Frankly, it's poor netiquette to post PGP/MIME messages to
> mailing lists, for one, and secondly, most mail clients
> cannot understand them. Signing your messages in a way that
> renders the signature useless for most PGP users serves no
> purpose whatsoever.
"most mail clients ..."=20
command line 'mail' comes to my mind, but then it doesn=B4t
understand ascii/pgp either :)
Some mailing lists I subscribe to filter messages with demime
to strip any mime attachement before distributin it (all
OpenBSD mailing list but one). I agree that mime attachments
to mailing lists are a nuisance.
Any pgp signature, be it pgp/mime or
ascii-armored|application/pgp, should not be included in a
post to a mailing list unless it is utterly important to
confirm the authory of the message. Sadly, it is up to
individuals to learn good net manners and to decide.
> Inline ASCII-armoring is the standard method for signing
> email. It is also the only method directly specified in RFC
> An important part of any GnuPG/Mutt FAQ would be
> instructions on how to configure Mutt to make compatible
> OpenPGP signatures in the traditional method. (No, this
> does not mean the broken Application/PGP method that Mutt
In what sense is app/pgp broken? (just asking).
> (This is not to say I don't recognise the value of PGP/MIME
> (and the new OpenPGP/MIME.) But crypto is worthless if it
> doesn't interoperate.
Then, this might be an argument for considering mail clients
with no pgp/mime capabilities as broken cryptowise.
> When the majority of PGP-aware mail apps can understand
> PGP/MIME, then I'll advocate switching for non-mailing list
No need to go overboard, just to apply a demime filter.
A better (ideal) choice would be to educate people, but
that=B4s a chimera right now.