PGP/MIME considered harmful for mobile

Werner Koch wk at
Sun Feb 27 20:36:54 CET 2011


I once hoped the discussion about MIME vs. crufty inline signatures had
been settled a long time ago.  Now that even Microsoft Outlook has handled
it correctly for more than 7 years, the new excuse seems to be some
buggy new mail applications.  I don't buy such an excuse.  MIME is so
primitive and easy to implement that any application can handle it.  In
fact it is easier to handle core MIME services correctly than not to do
it.  An application which does not handle MOSS correctly will for sure
be broken in other areas as well.  And you trust such buggy code to
render HTML mails?

It's been more than 15 years since MOSS has been defined:

1847 Security Multiparts for MIME: Multipart/Signed and
     Multipart/Encrypted. J. Galvin, S. Murphy, S. Crocker, N. Freed.
     October 1995. (Format: TXT=23679 bytes) (Status: PROPOSED STANDARD)

PGP/MIME (rfc2015, 1996) is not required to display signed MOSS mails.
We should expect that 1847 has been implemented in any MIME aware MUA;
in particular as it seems that S/MIME, which is also based on MOSS, does

Please go and fix these buggy mail applications.  I heard rumors that
Android is about Free Software and the reason for its success; thus
where is the problem? .-)



Thoughts are free.  Exceptions are regulated by a federal law.
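
Added example, not part of the original post: a display-only handler for RFC 1847 multipart/signed that uses Python's standard `email` package, contains no OpenPGP or S/MIME code, and reports the signature as unverified instead of trusting it. The name `render_signed`, the sample message and its addresses are constructed for illustration.

```python
from email import message_from_string
from email.utils import collapse_rfc2231_value

# Constructed sample: an RFC 1847 multipart/signed mail in PGP/MIME form.
# The second part is a placeholder, not a real OpenPGP signature.
SAMPLE = """\
From: alice@example.org
To: bob@example.org
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature"; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

Readable without any OpenPGP support.
--b1
Content-Type: application/pgp-signature

(placeholder, not a real signature)
--b1--
"""

def render_signed(raw):
    """Return the displayable text of a multipart/signed mail, unverified."""
    msg = message_from_string(raw)
    if msg.get_content_type() != "multipart/signed":
        return {"status": "not-signed", "protocol": None, "text": None}
    protocol = collapse_rfc2231_value(msg.get_param("protocol", "")).lower()
    parts = msg.get_payload()
    parts = parts if isinstance(parts, list) else []
    # RFC 1847: exactly two parts; the second part's type equals "protocol".
    ok = (len(parts) == 2 and protocol != ""
          and parts[1].get_content_type() == protocol)
    text = None
    for part in (parts[0].walk() if parts else []):
        if part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True)
            try:
                text = data.decode(part.get_content_charset() or "us-ascii", "replace")
            except LookupError:  # unknown charset label in the part header
                text = data.decode("utf-8", "replace")
            break
    return {"status": "unverified" if ok else "malformed",
            "protocol": protocol or None, "text": text.strip() if text else text}

if __name__ == "__main__":
    print(render_signed(SAMPLE))
```

The same function handles an S/MIME detached signature, because only the `protocol` parameter and the type of the second part differ.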
