> From:  Paul Schinder <[EMAIL PROTECTED]>
> Date:  Thu, 17 Jun 1999 11:35:47 -0400
>
> On Thu, Jun 17, 1999 at 11:24:36AM -0400, Alex Miller wrote:
> } But I'm really surprised that I haven't encountered this problem before? Are
> } Chris and Mark the only folks out there using PGP? I subscribe to a lot of
> } mailing lists, which get shunted off to various folders, so I recieve mai
> } from literally thousands of users.
> 
> There are a couple of different ways that e-mail gets PGP signed.
> PGP-MIME seems to be the more uncommon way, at least in the e-mail I
> get.  The usual way is to simply include the PGP signature in text at
> the bottom of the message with some simple non-MIME delimiters around
> the message (on this list Sam, if I remember right, signs his e-mail
> in this way).  Some software, like mutt, only does PGP-MIME signing.
> Eudora can do it either way.

Basically, the plain text approach isn't a standard, it's more of a 
convention.  It's the most compatible, but it doesn't allow you to sign 
multipart or otherwise typed email messages.  What usually happens if you have 
an attachment is that the plain text is signed, but the attachment isn't.  If 
you think about it, that's kinda silly since the attachment is probably more 
critical than the text which says something like "here's the file I promised 
you."

The PGP-MIME approach is a standard (I don't recall which RFC off hand), but 
it's not widely deployed yet.  As a rule, most clients that don't support 
PGP-MIME see the signature as an attachment, so I frequently get email from 
people with older versions of Eudora asking me what that attachment was that I 
sent them.  (They usually tell me they tried to open it as well...I assume 
these are the same people who pass email viruses around.)

Chris

-- 
Chris Garrigues                 virCIO
+1 512 432 4046                 4314 Avenue C                    O-
http://www.DeepEddy.Com/~cwg/   Austin, TX  78751-3709
                                +1 512 374 0500

  My email address is an experiment in SPAM elimination.  For an
  explanation of what we're doing, see http://www.DeepEddy.Com/tms.html 

    Nobody ever got fired for buying Microsoft,
      but they could get fired for relying on Microsoft.


PGP signature

Reply via email to