PGP/MIME considered harmful for mobile
kloecker at kde.org
Sun Feb 27 11:04:59 CET 2011
On Saturday, February 26, 2011, MFPA wrote:
> On Friday 25 February 2011 at 1:45:03 AM, in
> <mid:87lj14x4yo.fsf at servo.finestructure.net>, Jameson Rollins wrote:
> > Yikes! I thought we were almost done killing inline
> > signatures! Don't revive it now!
> > If PGP/MIME is broken on android, we need to get them
> > to fix it, not go backwards to inline pgp.
> Using inline PGP signatures means using the simpler and more reliable
> of the two solutions. The fact that its specification was defined
> earlier does not mean using inline signatures is a step backwards;
> PGP/MIME is a complement to pgp inline, not a replacement.
The major problem I see with using cleartext signatures in email is the
lack for support of non-ASCII text (or, more precisely, character
encoding). Obviously, using ASCII armor to protect the text from being
re-encoded to another encoding is no solution, since this will make
inline PGP signed messages much less accessible than PGP/MIME messages.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 198 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users