Signing Mails with OpenPGP like DKIM [was: gpg like DKIM]

[Andrew Gallagher]

On 5 Sep 2024, at 16:04, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> 
> PS for the record, i think there is one major concern about PGP/MIME
>   multipart/signed: for users of MUAs that don't understand PGP/MIME,
>   the signature shows up as a mystery attachment.  I can't tell you the
>   number of times that i get a response from a colleague that says "i
>   can't open your attachment, please re-send".  That happens often
>   enough that i deliberately do not sign mail unless i know the
>   recipient won't do that.  That means i don't sign most of my mail,

I’ve been signing all my email (from my laptop anyway) for twenty years, and the last time I had complaints about mystery attachments was in the early 2000s. That said, there are a lot of automated systems (e.g. bug trackers) that treat the attachment as a file that needs to be recorded for posterity, e.g. attaching it to a ticket on every emailed comment/reply (although this also applies to HTML email signature footers, which is more annoying). So I do think that moving from an attachment-based cleartext format to a header-based one has some advantages.

A
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20240911/545c6fef/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20240911/545c6fef/attachment-0001.sig>