PGP/MIME considered harmful for mobile
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Feb 25 04:15:56 CET 2011
On 02/24/2011 08:22 PM, Robert J. Hansen wrote:
> On Android's mail application, PGP/MIME attachments are nigh-unusable.
> It won't render even the plaintext portions: it has to be downloaded and
> opened with a text reader. If you're concerned about your mail being
> readable on a mobile device (which is increasingly important nowadays),
> you might want to consider switching to inline signatures.
Hm. maybe i don't know what you mean here, but i just tried to verify
this with a colleague, and i've come to a different conclusion.
I sent a simple text/plain e-mail wrapped in a PGP/MIME signature,
generated by enigmail (like this one).
that is, the message i sent is structured like this:
└┬╴multipart/signed 2181 bytes
├╴text/plain 219 bytes
└╴application/pgp-signature attachment [signature.asc] 1030 bytes
my colleague is using the application named "email", version 2.2.2 on a
stock 2.2.1 motorola droid.
He wrote me back:
>> The email shows fine, but when I try to view the attachment the email
>> application says it "cannot be displayed".
So, to be clear: PGP/MIME-signed plaintext mail did not cause any
problems with rendering on android in my test. The basic e-mail
application is unable to verify the signature, but i think we knew that
already.
I do *not* consider PGP/MIME harmful for mobile.
Regards,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110224/9b26ce81/attachment.pgp>
More information about the Gnupg-users
mailing list