PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)

Ingo Klöcker kloecker at kde.org
Wed Mar 25 23:14:57 CET 2015


On Wednesday 25 March 2015 21:06:53 martijn. list wrote:
> On 03/25/2015 08:41 PM, Doug Barton wrote:
> > On 3/25/15 11:08 AM, Bob (Robert) Cavanaugh wrote:
> >> Doug,
> >> Signature shows as an attachment "signature.asc". No evidence that PGP
> >> actions were envoked. Work forces use of Synaptic PGP, so I cannot
> >> tell if it is verified or not.
> > 
> > Thanks Bob, that is interesting feedback.
> > 
> > FWIW, I have received various other messages privately from people who
> > have said the same thing ... They can see the attachment, but either
> > message verification fails, or there is no indication on their side that
> > it is a PGP-signed message at all.
> > 
> > While this is strictly anecdotal evidence I would argue that it's a good
> > indication that we may not be ready for PGP/MIME as the default.
> 
> It looks like this is caused by the mailing list software (mailman).
> Mailman adds a banner to the mail and therefore the mail is no longer a
> valid PGP/MIME mail. I think mailman should be smart enough not to mess
> with digitally signed mail (same thing happens with S/MIME signed email).

Actually, mailman is that smart. mailman has put the body of the signed 
message together with the corresponding Content-type header as message part 
into a multipart/mixed container and has added the banner as second message 
part to the multipart/mixed container. My mail client (KMail) properly parses 
this "complex" message and shows the signed part and below the unsigned 
mailing list banner.

So it's not mailman that's not smart enough, but the mail clients the other 
recipients are using. Mail clients showing a "signature.asc" attachment 
probably do not understand PGP/MIME (which isn't that unusual because only a 
handful mail clients support PGP/MIME out-of-the-box without additional 
plugins).


Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20150325/b5e3602e/attachment.sig>


More information about the Gnupg-users mailing list