On Sat, 31 Aug 2024 18:29, T. S. said:

> either because of the -----BEGIN PGP SIGNED MESSAGE----- strings, or because
> the unknown attachments in MIME message.

Don't use that legacy inline PGP encryption. Use PGP/MIME, a 28-year-old
standard (RFC-2015). You should give that unnamed attachment a
name, for example

  Content-Type: application/pgp-signature;
      name="openpgp-digital-signature.asc"

which clearly shows what kind of attachment this is.

> When now looking to DKIM, this looks much more advanced. There is a Header in
> the mail, containing the signature all details to the signature and

<the_usual_rant> You may want to go back to the year ~2000 when DKIM was
first presented at the IETF in Paris. It was then a quick hack from the
sendmail authors and it took only a few hours until an attack on this
was found. DKIM also broke with the long-standing rule of being able to
work in a pipeline (iirc, this is called an online algo these days).
Instead of doing all that DKIM stuff it would have been easier to
directly use S/MIME or PGP/MIME and include copies of important headers
in a signed attachment. But well, attachments are ugly for some people.
</>
Salam-Shalom,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
_______________________________________________ Gnupg-users mailing list [email protected] https://lists.gnupg.org/mailman/listinfo/gnupg-users
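
Added example, not part of the message above and not GnuPG code: a small Python check that tells the three cases discussed in the thread apart, namely inline (clearsigned) PGP, PGP/MIME with an unnamed signature part, and PGP/MIME with a named one. The sample messages, addresses and the PLACEHOLDER signature body are constructed; no signature is verified.

```python
import email
from email import policy

MARKER = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG = "-----BEGIN PGP SIGNATURE-----\r\n\r\nPLACEHOLDER\r\n-----END PGP SIGNATURE-----\r\n"

# Constructed sample: legacy inline (clearsigned) message.
INLINE = ("From: alice@example.org\r\nSubject: inline\r\n"
          "Content-Type: text/plain\r\n\r\n"
          + MARKER + "\r\nHash: SHA256\r\n\r\nhello\r\n" + SIG)

def pgp_mime(sig_headers):
    """Constructed PGP/MIME sample; sig_headers are the signature part's headers."""
    return ("From: alice@example.org\r\nSubject: mime\r\nMIME-Version: 1.0\r\n"
            "Content-Type: multipart/signed; micalg=pgp-sha256;\r\n"
            ' protocol="application/pgp-signature"; boundary="b1"\r\n\r\n'
            "--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
            "--b1\r\n" + sig_headers + "\r\n\r\n" + SIG + "--b1--\r\n")

UNNAMED = pgp_mime("Content-Type: application/pgp-signature")
NAMED = pgp_mime("Content-Type: application/pgp-signature;\r\n"
                 ' name="openpgp-digital-signature.asc"')

def classify(raw):
    """Return how (and whether) a raw message carries an OpenPGP signature."""
    msg = email.message_from_string(raw, policy=policy.default)
    if msg.get_content_type() == "multipart/signed":
        if msg.get_param("protocol") != "application/pgp-signature":
            return "other-signed"            # e.g. S/MIME
        parts = msg.get_payload()
        # PGP/MIME: exactly two parts, signed body first, signature second.
        if len(parts) != 2 or parts[1].get_content_type() != "application/pgp-signature":
            return "pgp-mime-malformed"
        # get_filename() checks Content-Disposition filename, then Content-Type name.
        return "pgp-mime-named" if parts[1].get_filename() else "pgp-mime-unnamed"
    for part in msg.walk():
        if part.get_content_maintype() == "text" and MARKER in part.get_content():
            return "inline-pgp"
    return "unsigned"

if __name__ == "__main__":
    for label, raw in (("inline", INLINE), ("unnamed", UNNAMED), ("named", NAMED)):
        print(label, "->", classify(raw))
```
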
