Pros and cons of PGP/MIME for outgoing e-mail?

Bjarni Runar Einarsson bre at pagekite.net
Mon Nov 24 13:44:31 CET 2014


Hi Werner!

Werner Koch <wk at gnupg.org> wrote:
> Hi Bjarni,
> 
> On Sun, 23 Nov 2014 14:12, bre at pagekite.net said:
> 
> > https://www.mailpile.is/blog/2014-11-21_To_PGP_MIME_Or_Not.html
> 
> Not read (yet).
> 
> > The "tl;dr" is that it might be worth dropping PGP/MIME for outgoing
> > encrypted mail and instead use a more ad-hoc approach which
> 
> Please don't do this.  

Since you haven't read the post, you don't know what I am proposing. So
why would you say this? :-P

> In particular the encrypted format is so easy to create and parse that
> it is not worth even thinking about it.

This is demonstrably incorrect; I have given numerous examples of mail
clients and plugins that fail to accomplish this supposedly simple task.

> > interoperates with more mail clients. I'm also tentatively proposing an
> > approach to reducing the header metadata leakage (Subject, From, To,
> > etc. being sent in the clear).
> 
> Wrap in a message/rfc822 part.

If PGP/MIME had proposed this from the start, then I wouldn't be able to
make cheap shots about Subject lines and indeed, living with the other
problems would be far more palatable.

But PGP/MIME missed that boat, and the user experience of a
message/rfc822 part inside a multipart encrypted wrapper is really not
acceptable in today's clients. You wouldn't want to read all your
incoming mail that way.

Also consider that desktop users who don't have a PGP/MIME-capable
e-mail client installed probably don't have user-friendly tools for
handling raw e-mail data either. So this doesn't help compatibility.
It's better than the fragments of MIME we get today, but still not
great. Note that I am very specifically exploring whether there are ways
to interact better with the clients we have today.

I'm not feeling much enthusiasm from the community though, mostly
push-back. I'll admit I am disappointed, but it's useful feedback all
the same. No matter how much thought I put into the proposal, if the
community isn't interested then I should probably focus on other things.

Thanks for taking the time!
 - Bjarni

-- 
I make stuff: www.mailpile.is, www.pagekite.net
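
The message/rfc822 wrapping discussed in this mail, as an added example that is not part of the original post nor code from GnuPG or Mailpile: it builds the plaintext that would be encrypted, the RFC 3156 multipart/encrypted outer message, and the header recovery a receiving client performs after decryption. The function names, the sample addresses and subject, the neutral outer Subject and the placeholder armor are assumptions; no encryption is performed.

```python
from email import message_from_bytes, policy
from email.mime.message import MIMEMessage
from email.mime.multipart import MIMEMultipart
from email.mime.nonmultipart import MIMENonMultipart
from email.mime.text import MIMEText

def protected_plaintext(inner):
    """Bytes handed to OpenPGP encryption: the complete message, headers
    included, as one message/rfc822 part."""
    return MIMEMessage(inner).as_bytes()

def outer_message(inner, armored):
    """RFC 3156 multipart/encrypted wrapper. Only routing headers are copied
    to the cleartext layer; the Subject is replaced by a neutral string."""
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    outer["From"], outer["To"] = inner["From"], inner["To"]
    outer["Subject"] = "Encrypted message"  # assumption: any neutral text
    control = MIMENonMultipart("application", "pgp-encrypted")
    control.set_payload("Version: 1\n")
    data = MIMENonMultipart("application", "octet-stream")
    data.set_payload(armored)  # ASCII-armored ciphertext, 7bit clean
    outer.attach(control)
    outer.attach(data)
    return outer

def recover_headers(plaintext):
    """Receiving side, after decryption: take headers from the wrapped message."""
    part = message_from_bytes(plaintext, policy=policy.default)
    if part.get_content_type() != "message/rfc822":
        raise ValueError("decrypted payload is not a wrapped message")
    wrapped = part.get_payload(0)
    return {name: str(wrapped[name]) for name in ("From", "To", "Subject")}

def sample_inner():
    # Constructed sample message; addresses and subject are made up.
    inner = MIMEText("Draft attached, comments by Friday.\n")
    inner["From"] = "alice@example.org"
    inner["To"] = "bob@example.org"
    inner["Subject"] = "Contract draft v3"
    return inner

# Stand-in for the encryption output: this example does no encryption.
PLACEHOLDER_ARMOR = "(armored ciphertext of protected_plaintext() goes here)\n"

if __name__ == "__main__":
    inner = sample_inner()
    print(recover_headers(protected_plaintext(inner)))
    print(outer_message(inner, PLACEHOLDER_ARMOR).as_string())
```

A client without PGP/MIME support sees only the outer layer; a client that decrypts but does not unwrap shows the inner message as an attached e-mail.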