PGP/MIME considered harmful for mobile

Ingo Klöcker kloecker at kde.org
Tue Mar 1 22:20:52 CET 2011


On Sunday 27 February 2011, Doug Barton wrote:
> On 02/27/2011 02:04, Ingo Klöcker wrote:
> > On Saturday, February 26, 2011, MFPA wrote:
> >> Hi
> >> 
> >> 
> >> On Friday 25 February 2011 at 1:45:03 AM, in
> >> 
> >> <mid:87lj14x4yo.fsf at servo.finestructure.net>, Jameson Rollins 
wrote:
> >>> Yikes!  I thought we were almost done killing inline
> >>> signatures!  Don't revive it now!
> >>> 
> >>> If PGP/MIME is broken on android, we need to get them
> >>> to fix it, not go backwards to inline pgp.
> >> 
> >> Using inline PGP signatures means using the simpler and more
> >> reliable of the two solutions. The fact that its specification
> >> was defined earlier does not mean using inline signatures is a
> >> step backwards; PGP/MIME is a complement to pgp inline, not a
> >> replacement.
> > 
> > The major problem I see with using cleartext signatures in email is
> > the lack for support of non-ASCII text (or, more precisely,
> > character encoding).
> 
> Can you provide examples that do not work when both the mail
> client(s) and gnupg are properly configured to use UTF-8?

No, sorry. I haven't been using inline PGP signatures for ages and 
neither do most of the people I exchange emails with. Therefore I cannot 
provide real world examples.

Back when I was still using inline PGP signatures I regularly got 
replies with a full quote of my inline-signed message where the 
signature on the quoted message was broken. You might say that it's not 
relevant because it's just a quote. But I say it is very relevant if 
such a reply is forwarded to a third party. And also if it isn't 
forwarded a bad signature is still highly irritating (at least to me).

Of course, my experience is from a time when UTF-8 wasn't used in email. 
But do the standard mail clients (Outlook, GMail, Thunderbird) really 
default to UTF-8 nowadays? Expecting people to properly configure their 
mail clients is an unrealistic dream.


Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20110301/db66f52f/attachment.pgp>


More information about the Gnupg-users mailing list