Pros and cons of PGP/MIME for outgoing e-mail?
Bjarni Runar Einarsson
bre at pagekite.net
Mon Nov 24 13:44:31 CET 2014
Werner Koch <wk at gnupg.org> wrote:
> Hi Bjarni,
> On Sun, 23 Nov 2014 14:12, bre at pagekite.net said:
> > https://www.mailpile.is/blog/2014-11-21_To_PGP_MIME_Or_Not.html
> Not read (yet).
> > The "tl;dr" is that it might be worth dropping PGP/MIME for outgoing
> > encrypted mail and instead use a more ad-hoc approach which
> Please don't do this.

Since you haven't read the post, you don't know what I am proposing. So
why would you say this? :-P

> In particular the encrypted format is so easy to create and parse that it is not worth even thinking about it.

This is demonstrably incorrect; I have given numerous examples of mail
clients and plugins that fail to accomplish this supposedly simple task.

> > interoperates with more mail clients. I'm also tentatively proposing an
> > approach to reducing the header metadata leakage (Subject, From, To,
> > etc. being sent in the clear).
> Wrap in a message/rfc822 part.

If PGP/MIME had proposed this from the start, then I wouldn't be able to
make cheap shots about Subject lines and indeed, living with the other
problems would be far more palatable.

But PGP/MIME missed that boat, and the user experience of a
message/rfc822 part inside a multipart encrypted wrapper is really not
acceptable in today's clients. You wouldn't want to read all your
incoming mail that way.

Also consider that desktop users who don't have a PGP/MIME-capable
e-mail client installed probably don't have user-friendly tools for
handling raw e-mail data either. So this doesn't help compatibility.

It's better than the fragments of MIME we get today, but still not
great. Note that I am very specifically exploring whether there are ways
to interact better with the clients we have today.

I'm not feeling much enthusiasm from the community though, mostly
push-back. I'll admit I am disappointed, but it's useful feedback all
the same. No matter how much thought I put into the proposal, if the
community isn't interested then I should probably focus on other things.

Thanks for taking the time!

I make stuff: www.mailpile.is, www.pagekite.net
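
The message/rfc822 wrapping discussed in the thread, as an added example that is not part of the original post and not GnuPG or Mailpile code: the whole message, headers included, becomes the plaintext of an RFC 3156 multipart/encrypted envelope, so only the outer headers stay readable. The `encrypt`/`decrypt` callables, the placeholder Subject, the choice to keep From/To outside, and the sample addresses are assumptions of this example; the demo passes a no-op stand-in where a real OpenPGP call would go.

```python
from email import message_from_bytes, policy
from email.encoders import encode_7or8bit
from email.message import EmailMessage
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

PROTOCOL = "application/pgp-encrypted"

def wrap_inner(inner):
    """Plaintext to encrypt: the whole message, headers included, as message/rfc822."""
    part = EmailMessage()
    part.set_content(inner)  # a Message object becomes Content-Type: message/rfc822
    return part.as_bytes()

def build_outer(inner, encrypt, placeholder="Encrypted message"):
    """RFC 3156 multipart/encrypted envelope; encrypt() is supplied by the caller."""
    outer = MIMEMultipart("encrypted", protocol=PROTOCOL)
    outer["From"], outer["To"] = str(inner["From"]), str(inner["To"])
    outer["Subject"] = placeholder  # assumption: the real Subject travels only inside
    outer.attach(MIMEApplication(b"Version: 1\n", "pgp-encrypted", encode_7or8bit))
    outer.attach(MIMEApplication(encrypt(wrap_inner(inner)), "octet-stream", encode_7or8bit))
    return outer.as_bytes()

def cleartext_headers(raw):
    """Outer headers, readable by anyone who handles the message."""
    return {k: str(v) for k, v in message_from_bytes(raw, policy=policy.default).items()}

def recover_inner(raw, decrypt):
    """Validate the RFC 3156 structure, then return the wrapped inner message."""
    outer = message_from_bytes(raw, policy=policy.default)
    parts = outer.get_payload()
    if (outer.get_content_type() != "multipart/encrypted"
            or outer.get_param("protocol") != PROTOCOL or len(parts) != 2
            or parts[0].get_content_type() != PROTOCOL):
        raise ValueError("not a PGP/MIME encrypted message")
    plain = decrypt(parts[1].get_payload(decode=True))
    wrapped = message_from_bytes(plain, policy=policy.default)
    if wrapped.get_content_type() != "message/rfc822":
        raise ValueError("decrypted part is not a wrapped message")
    return wrapped.get_payload(0)

def sample_message():
    """Constructed sample message (example.org placeholder addresses)."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "alice@example.org", "bob@example.org"
    msg["Subject"] = "Quarterly numbers"
    msg.set_content("Body text.\n")
    return msg

if __name__ == "__main__":
    noop = lambda data: data  # stand-in only: provides NO confidentiality
    raw = build_outer(sample_message(), noop)
    print(cleartext_headers(raw), recover_inner(raw, noop)["Subject"])
```

A client that does not render message/rfc822 parts inline will show the recovered message as an attachment, which is the user-experience concern raised in the reply above.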