Hi there-- On Wed 2016-02-24 17:37:32 -0500, Datse Multimedia Information wrote: > When I opened Thunderbird today I received a message about the use of > PGP-MIME as the new "default setting". The "old" recommednation was > that inline PGP (at least for signed messages, though not nescesarily > for messages which are encrypted) was more compatable.
That decision has been a contentious one for years, and the balance has tipped in favor of well-structured PGP/MIME messages. A (non-exhaustive) list of arguments against inline PGP signatures is here: https://dkg.fifthhorseman.net/notes/inline-pgp-harmful/ It's probably not worth re-kindling a flamewar here about this topic. > With an inline PGP message I see that the message is sent with a pretty > standard text based message. Most "standard" messages today are not just plain text, especially not raw US-ASCII. even the text/plain messages are often base64-encoded or quoted-printable-encoded UTF-8. But most messages today aren't just text/plain, much as some of us wish they were: they're text/html, or multipart/alternative, or they have attachments, etc. PGP/MIME handles all of those forms in a sensible fashion. > The problem that I see is that with inline MIME, there is an increased > risk of not being able to verify signatures which *should* be valid, or > the rendering of the email to be impossible to decrypt. When you say "inline MIME", i'm assuming you mean "inline PGP". There are lots of ways to break signatures; inline PGP signatures can (and are) easily broken by MTAs as well. This is in the nature of cryptographic signature schemes -- any byte added or removed anywhere in the part can actually break the signature. Regards, --dkg
signature.asc
Description: PGP signature
_______________________________________________ enigmail-users mailing list [email protected] To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
