atom-gpg at suspicious.org
Wed Feb 4 22:45:26 CET 2004
> > which one is considered to be supported most widely [in mail
> > clients]?
> I don't even think it's a question, inline is more widely supported.
> That's unfortunate, as PGP/MIME has the advantage of being defined in
> an RFC and can properly deal with all types of mail messages and
> formats, whereas inline breaks pretty quickly when you feed it much
> more than plain old ASCII. Inline also doesn't do anything for your
> attachments, making your job harder if you want to sign and encrypt a
> message to a friend and include an attachment.
the body of an email should really only contain plain-old ascii.
for signing attachments, i would either:
a) attach a signature for each attachment
(doubling the number of attachments)
b) specify the hash of any attachments in the body, and sign the body
i prefer the latter.
> > similarly, do any mail clients have a problem with an encrypted
> > message body?
> If you mean an inline encrypted message body, then yes, Evolution
> doesn't handle that. Perhaps it's not really best described as having
> a problem with it, it will display the encrypted message for you just
> fine, it just won't help you decrypt it. I'm guessing you're more
> curious to know if any MUA's break or otherwise act badly when they
> encounter such messages. I'm sure there are some, but I've not used
> any such MUA's.
i'm also curious which clients make it easy/hard to decrypt/verify a
message sent in a particular way, not just whether or not they crash.
> > sometimes i get an empty body with an encrypted attachment... i find
> > it rather annoying and inconvenient.
> I would think it would be. What MUA are you using that does this and
> what type of messages do this, inline or PGP/MIME? Just curious, as
> it might help me to avoid sending the wrong kind of message to someone
> in the future. It might also just be a problem with the sender's
i'm a fan of pine, although it has no native support at all for PGP. there
are some "plug-in" scripts that make it very nice though, as long as
everything is in-line. attachments have to be saved to a file and then
dealt with manually...
decryption and verification can be done 100% auto-pilot, as long as
everything is in the message body.
encryption and signing can be done with 1-2 extra keystrokes (not counting
a password!) or one of them can be configured to be the default way of
i have to admit that i did get a chuckle out of the outhouse reference...
anything that berates M$ is fine with me.
PGP key - http://smasher.suspicious.org/pgp.txt
3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
"Politics is the art of preventing people from taking part
in affairs which properly concern them."
-- Paul Valery
More information about the Gnupg-users