PGP/MIME considered harmful for mobile

David Shaw dshaw at jabberwocky.com
Fri Feb 25 19:00:45 CET 2011


On Feb 25, 2011, at 12:29 PM, Daniel Kahn Gillmor wrote:

> On 02/25/2011 12:11 PM, Martin Gollowitzer wrote:
>> * Patrick Brunschwig <patrick at mozilla-enigmail.org> [110225 10:10]:
>>> The only mail client on Android I know of to handle OpenPGP messages is
>>> K9 (together with APG). But K9 only supports inline-PGP, PGP/MIME
>>> messages are not displayed.
>> 
>> This is true, but K9 at least does display the messages correctly.
> 
> These two statements seem to be in direct contradiction to each other.
> 
> Is K-9 mail able to display the body of a text/plain PGP/MIME-signed
> message or not?  If answers differ based on the version of K-9 mail,
> what versions support it?
> 
> I am *not* asking about validating signatures -- I'm just talking about
> being able to read the (unvalidated) message contents of PGP/MIME-signed
> messages.

This is a crucial point.  I'm much more concerned that a mail client can display a PGP/MIME-signed message at all than I am about having support for message verification.  Message verification is very useful, but if the mail client can't display the message at all, then it is not compliant with MIME, much less PGP/MIME.

David
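An added illustration of the point above, not part of any post in this thread: a client with no OpenPGP support can still show the text of a PGP/MIME-signed message by treating `multipart/signed` as an ordinary MIME container (RFC 1847, RFC 3156) and labelling the result as unverified. It uses Python's standard `email` package; the function name `readable_body`, the status labels and the sample message are assumptions made up for this example.

```python
from email import message_from_string, policy

# Constructed sample (not from the thread): an RFC 3156 PGP/MIME-signed
# text/plain message. The signature block is a placeholder, not a real one.
SAMPLE = """\
From: alice@example.org
To: bob@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature"; boundary="b1"

--b1
Content-Type: text/plain; charset=utf-8

This body is readable without any OpenPGP support.

--b1
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
(placeholder)
-----END PGP SIGNATURE-----
--b1--
"""

def readable_body(raw):
    """Return (text, status); the signature is never checked here.

    The status strings are labels made up for this example.
    """
    msg = message_from_string(raw, policy=policy.default)
    content, status = msg, "unsigned"
    if msg.get_content_type() == "multipart/signed":
        parts = msg.get_payload() if msg.is_multipart() else []
        # RFC 1847: exactly two parts, the signed content first and the
        # signature (typed as the "protocol" parameter says) second.
        if (len(parts) != 2
                or parts[1].get_content_type() != msg.get_param("protocol")):
            return None, "malformed-signed"
        content, status = parts[0], "signed-unverified"
    body = content.get_body(preferencelist=("plain",))
    if body is None:
        return None, status
    return body.get_content(), status

if __name__ == "__main__":
    print(readable_body(SAMPLE))
```

The "signed-unverified" status is what a display layer would use to avoid presenting the text as authenticated when no verification has taken place.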




More information about the Gnupg-users mailing list