MIME or inline signature ?
dougb at dougbarton.email
Sat Feb 14 22:36:08 CET 2015
FWIW, I hate this debate, and try hard to stay out of it. But it really
bothers me when people spread factually incorrect information,
especially when they try to use that as the basis of their arguments
for/against one method or the other.
On 2/14/15 7:49 AM, Hugo Osvaldo Barrera wrote:
> Pros of GPG/Mime:
> * It's a lot less ugly for users with no gpg support. The large signature block
> at the end and the gpg marks are hard to ignore.
Why are you signing mail that is being sent to people without PGP
support in the first place?
> * AFAIK, inline gpg has issues with non-ascii characters. 😞 Correct me if I'm
This hasn't been true for almost a decade, assuming that the person
using the non-ASCII characters has correctly set up their environment.
And FWIW, it's also not true that PGP/MIME will be 100% successful when
one of the communicants has not correctly set up their environment.
> * Inline-gpg includes a signature for each attachment. This allows third
> parties to count how many files are attached (and their filenames, I
> believe). gpg/mime include one huge blob, so third parties can't tell this
> sort of metadata.
Nothing you wrote in this section is 100% correct. You *can* send one
signature per attachment, but you don't have to. You can also bundle the
attachment and signature in an archive, or you can bundle a lot of
attachments in the same archive, and sign that, or you can bundle all of
the attachments and signatures in one archive .... etc.
It's also not true that PGP/MIME protects you from metadata analysis.
The messages are not "one big blob," they are actually separated into
parts, including the attachments. It's trivial to see how many
attachments are in a message just by analyzing the MIME headers, whether
the message/attachments are encrypted or not.
> In the end, I'd suggest you go with what you prefer on a whim, more than
> techinical reasons.
... or, you could use what your correspondents are able to handle, since
theoretically that's the point of communication in the first place? :)
hope this helps,
More information about the Gnupg-users