Steven W. Orr wrote the following on 6/19/09 6:45 PM: > I see that there are some people who send their messages (especially to this > list) with their messages signed via an attached signature. I can't imagine > that this question hasn't been asked before, but is there an advantage to > doing this vs having an inline signature? > > BTW, I run a mailinglist which strips all attachments. If I use a signature > attachment, am I further limiting an already limited audience? > > TIA
The question about detached signatures (PGP/MIME) has been asked before in this forum, and in many others that deal with crypto. First, to answer the question in the subject of your message (BTW, it's better to avoid inserting questions in an e-mail's subject, just state the subject): Attaching the sender's public key to an e-mail is not the same as signing the e-mail with a detached signature (PGP/MIME). Attaching the sender's key can be a courtesy to spare recipients the task of searching for the sender's public key. Some MUAs will offer you the possibility of either signing both the e-mail and the attached public key in one single "encapsulated" message, and that will force PGP/MIME, or to sign the e-mail only, and not the attached public key. Other MUAs will automatically force PGP/MIME when the e-mail has an attachment. As to the pro and cons, I'll refer you to David Shaw's post to this list: <http://lists.gnupg.org/pipermail/gnupg-users/2004-April/022208.html>. There are surely many other posts on the same topic. Not all MUAs are PGP/MIME compliant. If your mailing list strips all attachments, that's an additional problem. Have a fine week end. Charly _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
