MUA questions

Todd Freedom_Lover at pobox.com
Wed Feb 4 23:33:50 CET 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Atom 'Smasher' wrote:
> the body of an email should really only contain plain-old ascii.

Says who? :)

Does that exclude MIME of any type?  And what do you mean by the
message body?  Those lines are quite blurry with a capable MIME MUA.

> for signing attachments, i would either:
>  a) attach a signature for each attachment
> 	(doubling the number of attachments)
>  b) specify the hash of any attachments in the body, and sign the body
>
> i prefer the latter.

That sounds like a lot of extra work.  And it does nothing for you if
you want to encrypt those attachments as well as ensure that they
arrive intact.

The PGP/MIME specification handles that much more gracefully, IMHO.
You sign and/or encrypt the entire message one time.  This is not only
easier since you only have to enter your passphrase once, it also
eliminates the potential to forget to sign or encrypt a sensitive
attachment.  There are plenty of other benefits as well.

The only drawback I see with PGP/MIME is the lack of implementations
that support it.  That's changing though.  Many Linux MUA's support it
now.  The excellent combo of Mozilla and enigmail makes it available
to Windows users as well.  I'm not up on what other Windows MUA's
support PGP/MIME, but I know there are others.  The links in my
previous message list a bunch of them for several platforms.

> i'm also curious which clients make it easy/hard to decrypt/verify a
> message sent in a particular way, not just whether or not they
> crash.

Oh, ok then.  I think the links in my previous message should help you
there.  While the pages linked don't really tell you exactly how a
particular MUA makes things happen, they do tell you if they support
it or not.  Short of trying each one, you'd have to ask someone whose
opinion you trust whether a specific MUA makes it easy or hard.  I
think mutt makes it a breeze.  Many would disagree with me on that
though.  YMMV.

> i'm a fan of pine, although it has no native support at all for PGP.
> there are some "plug-in" scripts that make it very nice though, as
> long as everything is in-line. attachments have to be saved to a
> file and then dealt with manually...

I've never used pine.  I looked at it when I started with linux, but
it's lack of tight PGP integration put it out of the running for my
usage.

Many old pine users really like mutt if they give it a try.  If you
use PGP/GPG on a regular basis, I don't think mutt can be beat by any
other MUA, certainly not any other text-mode MUA's I've seen.  But
again, that's just my opinion.

> encryption and signing can be done with 1-2 extra keystrokes (not
> counting a password!) or one of them can be configured to be the
> default way of sending mail.

That's always a handy thing.  In mutt, you have the power of hooks
that allow you to specify per folder, per sender, per reply, etc, what
actions to take.  By default, I sign all messages.  I have a list of
people I always encrypt and sign messages to.  I also have a list of
people I never sign messages to.  Then I use inline most of the time
but for a few folks and mailing lists I use PGP/MIME.  Lastly, when I
reply to non-list mail, I have mutt look for some X-Mailer and
User-Agent headers of MUA's that are known to support PGP/MIME and I
send in that format when I reply to those users.  That sort of fine
grained control is what I love most about mutt.

> i have to admit that i did get a chuckle out of the outhouse
> reference...  anything that berates M$ is fine with me.

Well, we'd be veering far off topic if we went much further down that
road, but I will add that while I despise outlook (mostly the express
version) for the hassles it causes regarding PGP/GPG usage, I'm not
one to bash MS just for the hell of it.  I choose not to use their
software, but I don't begrudge them making money, which is how I tend
to see the M$ abbreviation.  Making money through free markets is a
great thing.  The world needs more of it.  I just choose to give my
money to other companies, that's all.

(Sorry for that wildly off topic closer there.)

- -- 
Todd        OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
======================================================================
After all, there is no position so absurd that you cannot get a great
many people to assume it.
    -- Gore Vidal

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.

iD8DBQFAIceuuv+09NZUB1oRAoRHAKCS3mKD67wDJWslRXmOh7dNj4m54gCggiPe
dnSCsm8y6l3tIlCsw1uXf3s=
=iW29
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list