Mutt/GnuPG doc initial release

Horacio homega@wanadoo.es
Mon Sep 24 12:30:02 2001 

On Sun, Sep 23, 2001 at 09:53:37PM -0700, Len Sassaman wrote:

> >From the document:

>=20

> "The outdated standard for making attached signatures was

> to paste it at the bottom of the message, but the new

> standard involves an actual MIME attachment to the message.

> Regardless, Mutt can verify either style."

>=20

> This is not correct. The only people who refer to the

> inline ASCII-armored signatures as "outdated" are the Mutt

> developers. Read the RFCs.


I belive they refer to it as *old* rather than *outdated* or
*obsolete*.  There is a slight difference imho.

If you complain about mutt not offering an easier (rather
more obvious) way to deal with text/pgp, then fine.  But
there is nothing wrong with them favouring pgp/mime.


> Frankly, it's poor netiquette to post PGP/MIME messages to

> mailing lists, for one, and secondly, most mail clients

> cannot understand them. Signing your messages in a way that

> renders the signature useless for most PGP users serves no

> purpose whatsoever.


"most mail clients ..."=20
command line 'mail' comes to my mind, but then it doesn=B4t
understand ascii/pgp either :)

Some mailing lists I subscribe to filter messages with demime
to strip any mime attachement before distributin it (all
OpenBSD mailing list but one).  I agree that mime attachments
to mailing lists are a nuisance.

Any pgp signature, be it pgp/mime or
ascii-armored|application/pgp, should not be included in a
post to a mailing list unless it is utterly important to
confirm the authory of the message.  Sadly, it is up to
individuals to learn good net manners and to decide.


> Inline ASCII-armoring is the standard method for signing

> email. It is also the only method directly specified in RFC

> 2440.

>=20

> An important part of any GnuPG/Mutt FAQ would be

> instructions on how to configure Mutt to make compatible

> OpenPGP signatures in the traditional method. (No, this

> does not mean the broken Application/PGP method that Mutt

> offers!)


In what sense is app/pgp broken? (just asking).


> (This is not to say I don't recognise the value of PGP/MIME

> (and the new OpenPGP/MIME.) But crypto is worthless if it

> doesn't interoperate.


Then, this might be an argument for considering mail clients
with no pgp/mime capabilities as broken cryptowise.


> When the majority of PGP-aware mail apps can understand

> PGP/MIME, then I'll advocate switching for non-mailing list

> email.)


No need to go overboard, just to apply a demime filter.
A better (ideal) choice would be to educate people, but
that=B4s a chimera right now.


Regards,
--=20
Horacio