MIME or inline signature ?

Greg Sabino Mullane greg at turnstep.com
Sat Feb 14 22:26:55 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160


Daniel Kahn Gillmor wrote:
> This part appears to be out of date:
>
>   Since PGP/MIME can't reliably be sent to the three largest GnuPG
>   mailing lists, it's hard to claim that PGP/MIME is ready for
>   widespread usage. For now, it's best to use inline traffic unless you
>   can be certain that PGP/MIME messages will not be mangled in transit.
>
> I don't know if this is true for PGP-Basics, but it is certainly not
> true for enigmail or gnupg-users.  Please update the FAQ!

>     --dkg, noting the irony of the parent message being sent with
>       S/MIME, an entirely different standard

Also ironic, and one of the main reasons I prefer inline, is the 
inability of many archiving systems to preserve attachments - 
including lists.gnupg.org!

For example, when one visits the message I quoted above:

http://lists.gnupg.org/pipermail/gnupg-users/2015-February/052456.html

This appears at the bottom of the message:

  A non-text attachment was scrubbed...
  Name: signature.asc
  Type: application/pgp-signature
  Size: 948 bytes
  Desc: not available
  URL: </pipermail/attachments/20150212/35eeffd7/attachment.sig>

(That URL path on lists.gnupg.org is 404, unless I am 
overlooking some needed munging.)

While some sites manage to keep the attachment 
intact (e.g. gossamer-threads.com), most do not, e.g.

http://readlist.com/lists/gnupg.org/gnupg-users/4/24735.html

http://markmail.org/message/jajkjbvf7smmjkrr

So for all of inline's flaws, it is far better at maintaining 
message integrity (see also: forwarding and cut-n-paste).

- -- 
Greg Sabino Mullane greg at turnstep.com
End Point Corporation http://www.endpoint.com/
PGP Key: 0x14964AC8 201502141623
http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8
-----BEGIN PGP SIGNATURE-----

iEYEAREDAAYFAlTfvXcACgkQvJuQZxSWSsiwNQCfRjtx6nOonWn8eQ7ov2w9/ISI
tKUAn1+cb8Z0guCXJbjiiuVvSOz2dsD2
=MauL
-----END PGP SIGNATURE-----
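
The archive behaviour discussed in the message above, as an added example that is not part of the original post or of any archiver's code: a PGP/MIME message and an inline (clearsigned) message are passed through a hypothetical archiver that keeps only text/plain parts and replaces everything else with a notice like the one quoted. The function names, sample body and placeholder signature are constructed; a surviving signature block means the material needed for verification is still there, not that it verifies.

```python
from email import encoders
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"
# Constructed placeholder, not a real signature: only its survival is tracked.
FAKE_SIG = f"{BEGIN_SIG}\n\nQ09OU1RSVUNURUQ=\n=AAAA\n{END_SIG}\n"
BODY = "Inline or PGP/MIME?\n\n-- \nConstructed sender\n"  # constructed sample


def dash_escape(text):
    """RFC 4880 cleartext framework: prefix lines starting with '-' with '- '."""
    return "\n".join("- " + ln if ln.startswith("-") else ln for ln in text.split("\n"))


def build_pgp_mime(body):
    """multipart/signed: body in one part, detached signature in a second part."""
    msg = MIMEMultipart("signed", protocol="application/pgp-signature", micalg="pgp-sha256")
    msg.attach(MIMEText(body, "plain"))
    msg.attach(MIMEApplication(FAKE_SIG, "pgp-signature",
                               _encoder=encoders.encode_7or8bit, name="signature.asc"))
    return msg


def build_inline(body):
    """Clearsigned: the signature travels inside the single text/plain body."""
    header = "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n"
    return MIMEText(header + dash_escape(body) + FAKE_SIG, "plain")


def archive_text(msg):
    """Hypothetical archiver: keep text/plain, replace other leaves with a notice."""
    out = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_type() == "text/plain":
            charset = part.get_content_charset() or "ascii"
            out.append(part.get_payload(decode=True).decode(charset))
        else:
            out.append("A non-text attachment was scrubbed...\n"
                       f"Name: {part.get_filename()}\nType: {part.get_content_type()}\n")
    return "\n".join(out)


def signature_survives(archived):
    """True when the armored signature block is still present in the archived text."""
    return BEGIN_SIG in archived and END_SIG in archived
```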




