Are gpg signatures considered attachments?

Thorsten Haude linux at thorstenhau.de
Sun Dec 25 21:40:57 CET 2005


Hi,

* Chris wrote (2005-12-25 20:29):
>On Sunday 25 December 2005 11:54 am, Thorsten Haude wrote:
>> * Chris wrote (2005-12-25 17:22):
>> >I know that is probably a lame question, however, I'm on several mailing
>> >lists that are bouncing my messages back to me because they are signed.
>> > The list owners are telling me this is because they don't allow
>> > attachments.
>>
>> Mutt adds a 'Content-Disposition: inline' to the MIME part containing
>> the signature. This seems to work, I don't remember any bouncing
>> mails. (Pipermail has a problem with signed attachments though.)
>
>Thanks Thorsten. It was pointed out to me that my signatures had been added 
>as attachments which was causing the bounces.  When I changed to 'inline' 
>the problem went away. Kmail however shows 'Inline OpenPGP (deprecated)' 
>not exactly why it shows that, but its the option I'm now using.

No, you misunderstood me. The way you sign your mails now is indeed
deprecated, I don't use it and I don't recommend it.

I use PGP/MIME signatures, which Mutt tags as inline MIME elements
following RFC 2183:
- - - Schnipp - - -
2.1  The Inline Disposition Type

   A bodypart should be marked `inline' if it is intended to be
   displayed automatically upon display of the message.  Inline
   bodyparts should be presented in the order in which they occur,
   subject to the normal semantics of multipart messages.
- - - Schnapp - - -

So a smart mail handler (eg. a mailing list software) that does not
know about PGP/MIME can at least gracefully fall back.


KMail does not set this field for the signature (it does for the mail
text), so this is a KMail bug. I'm not sure how receiving MUAs are
expected to cope with a non-existing Content-Disposition field, but
there is a hint in the RFC: "Unrecognized disposition types should be
treated as `attachment'."


Here is a rough outline of the MIME headers of our mails:
- - - Schnipp - - -
KMail, signed mail (ie. wrapper around mail text + signature):
Content-Type: multipart/signed;
    boundary="nextPart2829039.id6uN21AOM";
    protocol="application/pgp-signature";
    micalg=pgp-sha1
Content-Transfer-Encoding: 7bit

    KMail, mail text:
    Content-Type: text/plain; charset="us-ascii"
    Content-Transfer-Encoding: quoted-printable
    Content-Disposition: inline

    KMail, signature:
    Content-Type: application/pgp-signature
- - - Schnapp - - -

- - - Schnipp - - -
Mutt, signed mail:
Content-Type: multipart/signed;
    boundary="CXFpZVxO6m2Ol4tQ"
    protocol="application/pgp-signature";
    micalg=pgp-sha1;
Content-Disposition: inline

    Mutt, mail text:
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: quoted-printable
    Content-Disposition: inline

    Mutt, signature:
    Content-Type: application/pgp-signature
    Content-Disposition: inline
- - - Schnapp - - -


So the only difference is KMail's redundant Content-Transfer-Encoding
(which is 7bit by default anyway) and Mutt's Content-Disposition.


In conclusion, use whatever works for you, but please try to get the
KMail guys to add the Content-Disposition field by filing a bug with
them (they may regard it as a feature request).


Thorsten
-- 
Unix is not an 'A-ha!' experience, it is more of a 'Holy shit!' experience.
    - Colin McFadyen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20051225/18f492d4/attachment.pgp


More information about the Gnupg-users mailing list