Pros and cons of PGP/MIME for outgoing e-mail?

Ingo Klöcker kloecker at kde.org
Sun Nov 23 23:55:19 CET 2014


On Sunday 23 November 2014 13:12:47 Bjarni Runar Einarsson wrote:
> Hello gnupg-users!
> 
> I am the lead dev on Mailpile, a free software e-mail client where we're
> doing our best to improve the usability of PGP-encrypted e-mail. I have
> been pondering for quite some time the relative merits of various ways
> of formatting otugoing encrypted mail, and this weekend I took the time
> to summarize my findings and opinions in a blog post:
> 
> https://www.mailpile.is/blog/2014-11-21_To_PGP_MIME_Or_Not.html
> 
> The "tl;dr" is that it might be worth dropping PGP/MIME for outgoing
> encrypted mail and instead use a more ad-hoc approach which
> interoperates with more mail clients.

How do you plan to encrypt multipart messages with "a more ad-hoc approach 
which interoperates with more mail clients"? PGP/MIME solves this problem in a 
standardized way that all mail clients that support PGP/MIME can handle.


> I'm also tentatively proposing an
> approach to reducing the header metadata leakage (Subject, From, To,
> etc. being sent in the clear).

Sender address and recipient address are part of the mail envelope. As long as 
you use SMTP there's not much point in trying to hide the From and the To 
header. OTOH, due to SMTP's nature simply putting some dummy email addresses 
into From and To is trivial. I just think that it serves no real purpose. Who 
do you want to hide the From and To headers from who does not have access to 
the mail envelope?

Also, Werner Koch has mentioned several (?) times on this list that the 
obvious solution for this to attach the actual message to a wrapper message 
and encrypt the whole thing with PGP/MIME. Any fully MIME- and PGP/MIME-
capable mail client will be able to decrypt and display such a message out-of-
the-box.


Regards,
Ingo




More information about the Gnupg-users mailing list