MIME or inline signature ?

Hugo Osvaldo Barrera hugo at barrera.io
Sat Feb 14 16:49:16 CET 2015


On 2015-02-12 23:46, Xavier Maillard wrote:
> Hello,
> 
> in my quest of the perfect setup, I am asking myself what is the
> prefered way to sign a message: inline (like this one) or using a MIME header ?
> 
> Is there a big thumb rule to respect ?
> 
> Regards
> --
> Sent with my mu4e

This is a bit of a bikeshed discussion, but I'll still chime in.

Pros of GPG/Mime:
* It's a lot less ugly for users with no gpg support. The large signature block
  at the end and the gpg marks are hard to ignore.
* AFAIK, inline gpg has issues with non-ascii characters. 😞 Correct me if I'm
  wrong.
* Inline-gpg includes a signature for each attachment. This allows third
  parties to count how many files are attached (and their filenames, I
  believe). gpg/mime include one huge blob, so third parties can't tell this
  sort of metadata.

In the end, I'd suggest you go with what you prefer on a whim, more than
techinical reasons. I like gpg/mime because of the above reasons (the first two
are pretty important to me). But from a techinical point of view, you'll find
plenty clients that don't support one or the other. Some clients support one
with relative ease and require tweaking for the other.  

The truth is, none of the two deprecates the other, so there's no strong
convergence, IMHO.

-- 
Hugo Osvaldo Barrera
A: Because we read from top to bottom, left to right.
Q: Why should I start my reply below the quoted text?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: </pipermail/attachments/20150214/8f1264ef/attachment.sig>


More information about the Gnupg-users mailing list