PGP/MIME considered harmful for mobile

Ingo Klöcker kloecker at
Sun Feb 27 11:04:59 CET 2011

On Saturday, February 26, 2011, MFPA wrote:
> Hi
> On Friday 25 February 2011 at 1:45:03 AM, in
> <mid:87lj14x4yo.fsf at>, Jameson Rollins wrote:
> > Yikes!  I thought we were almost done killing inline
> > signatures!  Don't revive it now!
> > 
> > If PGP/MIME is broken on android, we need to get them
> > to fix it, not go backwards to inline pgp.
> Using inline PGP signatures means using the simpler and more reliable
> of the two solutions. The fact that its specification was defined
> earlier does not mean using inline signatures is a step backwards;
> PGP/MIME is a complement to pgp inline, not a replacement.

The major problem I see with using cleartext signatures in email is the 
lack for support of non-ASCII text (or, more precisely, character 
encoding). Obviously, using ASCII armor to protect the text from being 
re-encoded to another encoding is no solution, since this will make 
inline PGP signed messages much less accessible than PGP/MIME messages.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20110227/50aa96c6/attachment-0001.pgp>

More information about the Gnupg-users mailing list