PGP/MIME considered harmful for mobile
gollo at fsfe.org
Sun Feb 27 09:25:34 CET 2011
* Doug Barton <dougb at dougbarton.us> [110227 05:30]:
> If you look at the characteristics of the actual messages encrypted mail
> is very similar whether it's in-line or MIME. It's signed messages that
> make things interesting because the signature in a MIME message is
> actually (sort of) an attachment but also sort of not, which is why it
> confuses simple mail readers like Outlook Express.
Encrypted messages differ from signed messages. The percentage of
inline-signed messages I receive with bad signatures is much higher than
the number of PGP/MIME messages with broken signatures.
Despite that, there are MUAs which do not automatically parse every
message completely to see if there's inline PGP content in them, but if
the see that a message uses PGP/MIME they immediately try to
decrypt/verify the message.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 490 bytes
Desc: not available
More information about the Gnupg-users