Pros and cons of PGP/MIME for outgoing e-mail?

Bernhard Reiter bernhard at intevation.de
Mon Nov 24 10:01:28 CET 2014 

Bjarni,

On Sunday 23 November 2014 at 14:12:47, Bjarni Runar Einarsson wrote:
> https://www.mailpile.is/blog/2014-11-21_To_PGP_MIME_Or_Not.html

thanks for working on Free Software and for discussing questions 
like this in the open!

> Note that we already support incoming PGP/MIME and have no intention of
> abandoning that, it's merely a question of what is the best (default)
> format for outgoing encrypted mail.

The short answer (from someone that was in the project team of S/MIME 
implementations for mutt and kmail and support for PGP/MIME for Kontact Mail 
and the Outlook plugin for Gpg4win (my roles did include technical 
coordination, analysis and testing.):

I am on the PGP/MIME side of things, I recommend it as default for sending out 
emails. See also http://wiki.gnupg.org/SignatureHandling .

a) for encrypted emails, there is no drawback. Every email client just have to 
be able to deal with message/rfc822 mime-parts anyway.
b) for signatures, https://www.gnupg.org/faq/gnupg-faq.html#use_pgpmime lists 
the drawback that some transport agents will modify attachments. In the past 
I've published a number of patches and problem reports to Mailman, so I know 
this issue quite a bit. It is due to a missdesign of the python email package 
and it should be fixed. (And it is fixable by a reasonable effort).
Another drawback is that some proprietary email clients (like outlook) do not 
enable someone to influence the mime-structre. This is the bigger issue of 
course.

On the other hand, the advantages are clear and PGP/MIME seems the best design
given current standards and practure of SMTP and MIME. And given a reasonable 
mime library, the implementation for creation is much easier as for parsing 
and should not pose a major problem.

Best Regard,
Bernhard 


-- 
www.intevation.de/~bernhard (CEO)    www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20141124/3df8c373/attachment.sig>

More information about the Gnupg-users mailing list