On 31 Aug 2024, at 23:35, T. S. <[email protected]> wrote:
>
> Hello,
>
> after looking into DKIM details, I started searching for why the same procedure
> cannot be used for gpg.
> With gpg a lot of people get confused when they receive signed mails,
> either because of the -----BEGIN PGP SIGNED MESSAGE----- strings, or because of
> the unknown attachments in the MIME message.
>
> Looking at DKIM now, this looks much more advanced. There is a header in
> the mail containing the signature, all details of the signature, and
> information about the header items included in the signature:
<snip>
> Is something similar available for GPG/PGP?
>
> So far I have found nothing, but I expect that this could help signed mails
> gain much better acceptance. Receivers who don't know anything about gpg
> would not get confused, as the header is totally invisible.
> With such an implementation I would start sending all my mails
> automatically signed again, as I would no longer have to answer questions about
> my weird-looking mails.

You’re essentially talking about defining a new cleartext signing mechanism, so
that people using PGP-unaware mail clients can remain blissfully unaware, while
also allowing for a graceful upgrade to signed mail for those who can.

Unfortunately, history has taught us that any cleartext sent over email *will*
be mangled, and this will break the signature. MTAs are in general really bad
at preserving the content of email messages. The only reliable way we know of
to protect your signed plaintext is to encode it in something more robust, such
as base64. Even then, if it is encoded as a base64 MIME part, MTAs have been
known to mangle the MIME headers, which breaks the signature. And if you don’t
sign over the MIME headers, your email is dangerously malleable (see efail).

So for the foreseeable future at least, it seems you can have trustworthy
signed emails or you can have backwards-compatible cleartext signing, but not
both.

A
_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users
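
Added example (not part of the thread and not GnuPG or DKIM project code): a Python sketch of the trade-off discussed above, using the two body canonicalizations DKIM defines in RFC 6376 and a SHA-256 digest as a stand-in for the signature. The relay rewrites, the sample body and all function names are constructed assumptions; MIME header mangling is not modelled.

```python
import base64
import hashlib
import re

CRLF = b"\r\n"

def simple(body):  # RFC 6376 "simple": only trailing empty lines are ignored
    while body.endswith(CRLF):
        body = body[:-2]
    return body + CRLF

def relaxed(body):  # RFC 6376 "relaxed": also collapses WSP runs, drops trailing WSP
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(CRLF)]
    while lines and not lines[-1]:
        lines.pop()
    return b"".join(ln + CRLF for ln in lines)

def digest(body, canon):  # stand-in for a signature: it fails whenever this changes
    return hashlib.sha256(canon(body)).hexdigest()

# Constructed models of relay rewriting (assumptions, not traces of a real MTA).
def strip_trailing_ws(body):
    return CRLF.join(ln.rstrip(b" \t") for ln in body.split(CRLF))

def escape_from(body):  # mbox-style ">From " quoting
    return re.sub(rb"(?m)^From ", b">From ", body)

def rewrap(body, width=78):  # break long lines at the last space before width
    out = []
    for ln in body.split(CRLF):
        while len(ln) > width and b" " in ln[:width]:
            cut = ln.rindex(b" ", 0, width)
            out.append(ln[:cut])
            ln = ln[cut + 1:]
        out.append(ln)
    return CRLF.join(out)

MUTATIONS = {"strip_ws": strip_trailing_ws, "from_escape": escape_from, "rewrap": rewrap}
# Constructed sample: trailing spaces, a line starting "From ", one 103-byte line.
BODY = CRLF.join([b"Hello,  ", b"From now on I sign all my mail.",
                  b"word " * 20 + b"end", b""])

def as_base64_part(body):  # the same text as a base64 MIME part payload
    return base64.encodebytes(body).replace(b"\n", CRLF)

def survival_matrix(body=BODY):  # {mutation: {form: {canon: digest unchanged?}}}
    forms = {"cleartext": body, "base64": as_base64_part(body)}
    return {m: {f: {c.__name__: digest(fn(d), c) == digest(d, c) for c in (simple, relaxed)}
                for f, d in forms.items()} for m, fn in MUTATIONS.items()}
```

`survival_matrix()` reports that the cleartext digest survives only the whitespace stripping, and only under relaxed canonicalization, while the base64 payload is unchanged by all three line-level rewrites.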