Re: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)

[MFPA]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



On Monday 30 March 2015 at 7:21:35 PM, in
, Ville Määttä wrote:



> That's a "mental breakdown" of the user :). Sorry about
> the ambiguity.


I find malformed emails full of HTML tags and almost totally
unreadable throughout to be a greater risk to mental health than a few
lines of PGP signature. (-;



- --
Best regards

MFPA  

What's another word for synonym?
-BEGIN PGP SIGNATURE-

iQF8BAEBCgBmBQJVGanzXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwJyYH/0qgA4id0rmNA5zXnFCevzjW
rxDPeXPNjaUd/mB/bWmwUhMLYYCo+a1q8iqEhB3QW5HC5asHSV+sVjVmTMDLerVW
lZP5pKiFn21hQY65s4kZtYrTsNMm148+6AU7U6n7M2SJaX4xwkCB5zwkWOCRcFY6
yyxpJv4sTGIxvjdsY8hERwRi5tU6MnbMyiIQg15qvi9CHPO1KkaLkKKY4Z12tMZ9
kjM38YDiI7bYKZQzc/PLWX7CLjCs+PTslg5yAmWuC2fUooig+NCvgI4bD2SpUMx2
js0LgccMVjK+LPeB92iP6Jd9+XU5c4mtfY7qP0qRgBlw5t1zsf7+1vQc+pHn8n2I
vgQBFgoAZgUCVRmp9F8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45NdeAQDmIrbG18G/CHo7OwaSiXyugzPf
WR2muUZiIolQSEF3tgEAbrl2bNOW/tR7OulJ/cb+q/pt7cFD0+H0kZh5Vil9QQs=
=JUYZ
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)

[Ville Määttä]

On 25.03.15 22:32, Doug Barton wrote:
> On 3/25/15 1:20 PM, Ville Määttä wrote:
>> On 25.03.15 21:41, Doug Barton wrote:
>>> While this is strictly anecdotal evidence I would argue that it's a good
>>> indication that we may not be ready for PGP/MIME as the default.
>>
>> I think that fail, a signature.asc attachment, is still a "cleaner fail"
>> than a non-PGP receiver getting a breakdown from inline PGP. And that is
>> for every single email.
> 
> How are you using the term "breakdown" here? If their client isn't doing
> PGP they see some extraneous text, and a signature block. While I agree
> that for those not using PGP that is clutter, I am not sure what you
> mean by "breakdown."

That's a "mental breakdown" of the user :). Sorry about the ambiguity.

> 
>> I have not received a single question from anyone regarding my PGP/MIME
>> signed emails. Not one. And I'm talking about the ones that don't use
>> PGP / have no clue what PGP is.
> 
> We've already established that PGP/MIME is a "cleaner" solution for those 
> that don't use PGP. I'm not debating that point, and I don't think anyone 
> else is either. 

I suppose I must've missed that we had established that…

> The question at hand is for those that *do* use PGP, which is more effective? 
> TMK there are no mail clients that fail to process a valid in-line signature, 
> but obviously there are still clients that cannot correctly handle PGP/MIME. 

True.

I consider both inline and PGP/MIME equally to be something of a MUST
support for any client / plugin that claims to support PGP. Whether
support is done by the client itself or a plugin is not that important
to me as long as someone is maintaining support.

-- 
Ville



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)

[MFPA]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi


On Thursday 26 March 2015 at 8:10:08 PM, in
,
Brian Minton wrote:


> I meant what I said about them gmail being a client.

This is only true in the limited sense that they provide a webmail
interface that performs a function equivalent to an email client. (And
yes, I'm being a bit pedantic.)



> But, doing so loses some of
> the best features of gmail (google search on your
> inbox,

I find the search function in my favourite MUA far superior to that in
gmail's web interface.



> google chat,

As far as I'm concerned, the only useful thing in any "Chat" function
is the ability to turn it off. (-:



> conversation view

Which is a pale imitation of the real threading found in decent mail
clients. Unless it has massively improved in the few months since I
last needed to go to the gmail webmail interface because something
they changed had broken the POP access for my gmail account




- --
Best regards

MFPA  

Only dead fish go with the flow
-BEGIN PGP SIGNATURE-

iQF8BAEBCgBmBQJVFHQ4XxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwvCgH/AxGWxNM7g1s+ZpHTOmKiJHm
wo2LLL192f93DiulmO4OiB00wFf1Iw1DLzHhkgnNnmYnKNkQWT3CIONIG8KIGHJz
fnpujs0R0HwHiShk5z16PhmFChbGU0y5cnz9J32ZuGg2bTue1exRhiRjs+/v7D5a
vEXzo0I3msX9Jd5OrGRY1V1S63bmxrJk3OOi6Qln54dtLd/yGQudTm8V5CvzT3TU
Eacj99gjxGDG1CWtlWM3Pv4Ej1SrnLPJmlYU+7XF7j/ZIH9bJKPw5zs6Cx8ZMZ/O
1N/n/1Exgi/myLzAxepV46TzKxoqOy3yAiOi+/jYI2pd+9jsbNooABe1byjX/r2I
vgQBFgoAZgUCVRR0QV8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45P65AQBodW5i9cBVUQrcWTAN81Ttr+Hg
0vNU0AC8tjmBsDpMigEAjCD9+2hx4VEFd2uHXms7yfSSb3fc9sRqyx98+9qc3Qc=
=98JR
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)

[Brian Minton]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, Mar 26, 2015 at 3:49 PM, MFPA
<2014-667rhzu3dc-lists-gro...@riseup.net> wrote:
>
> Gmail is an email service provider, not an email client. They provide
> access via a webmail site for those who wish to process their email
> using a web browser, as well as by both POP and IMAP, for those who
> wish to process their email using an email client.
>

I meant what I said about them gmail being a client.  I agree that they
are also an email service, and it's true that you can access the gmail
mail service with imap, but I don't think it's as popular as their web
interface.  To be fair, I don't have any verifiable sources for that
claim.  But, doing so loses some of the best features of gmail (google
search on your inbox, google chat, conversation view, etc.)  Yes, I
know that lots of email clients have conversation view and search, but
for comparison, searching my ~12GB of mail on Thunderbird takes a lot
longer and is a lot clunkier of an interface than the nearly instant
search using gmail's web interface.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iF4EAREIAAYFAlUUZ30ACgkQa46zoGXPuqntbAD7BQusaURejvYPdajyOzR/BrxF
CG+rkTHyh4G9ild9mQkA/i1RmkvW1jLilAzW2wgm9CtFgXdaOV6eTHfWUsAtiwwy
=gmpG
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)

[MFPA]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi


On Thursday 26 March 2015 at 4:17:46 PM, in
,
Brian Minton wrote:



> I think gmail is the single most popular email client,


Gmail is an email service provider, not an email client. They provide
access via a webmail site for those who wish to process their email
using a web browser, as well as by both POP and IMAP, for those who
wish to process their email using an email client.


- --
Best regards

MFPA  

A bird in the hand makes it awfully hard to blow your nose
-BEGIN PGP SIGNATURE-

iQF8BAEBCgBmBQJVFGLHXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwlZcH/iamfSyiGJ9bQCHdABWPZOTC
s8VyXwNCJxbbiNd2UQTXX4fpyrJrKUNv8fNLHWMhMPnCHQYMaszmoJkZzcJ/sCFF
3AQ0dsTxotX1pbe7nWTF0Gb/G3eStPRMYfyfBnmkOsgz3S0gAmI6cf4f2V6Zdlmq
kqRPfAcdaoYFyf0B28gwy16zR4C+GgzVPts39Mpzu3s4o7w9LXLD9w1N1t0uiSyU
B2qXBy9XWsELoVwuOOE55gGYaadl+vrRTkgsLBdnTqYt+hPmmIygK11izKCEHQJv
ZBBT1//cd1EIXHh9y9zTe9iY6744C3fkv2fznzQRLn/YXcw20mwrtDwM/qzhUXCI
vgQBFgoAZgUCVRRizl8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45CqyAQBgS/yMgSYKFIVlDDwlmceV+n06
TURroaMFqNuCed+hKAEAMmcnlRESwTpB60Xuia+ltUUGyybiOmeAvkWdMVHbUgg=
=+O0d
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)

[Ville Määttä]

On 26.03.15 01:38, Daniele Nicolodi wrote:
> On 25/03/15 23:56, Ville Määttä wrote:
>> > On 26.03.15 00:14, Ingo Klöcker wrote:
>>> >> So it's not mailman that's not smart enough, but the mail clients
>>> >> the other recipients are using. Mail clients showing a
>>> >> "signature.asc" attachment probably do not understand PGP/MIME
>>> >> (which isn't that unusual because only a handful mail clients
>>> >> support PGP/MIME out-of-the-box without additional plugins).
>> > 
>> > It seems to me that emails sent and signed by Thunderbird +
>> > Enigmail are displayed just fine by it. No signature.asc quirks.
>> > But emails sent by others are displaying the attachment in addition
>> > to the normal Enigmail added UI signature information. Ingo, Doug,
>> > Samir and Bob; I see the attached file for each of you but not my
>> > own PGP/MIME mails routed back to me from the list :).
> The difference must be somewhere else: I use Thunderbird 31.5.0 and
> Enigmail 1.8 (20150316-1815) and, while it recognizes the signatures,
> I see the attachment "signature.asc" for all the PGP/MIME signed
> emails I've checked.

I sent a signed message to Daniele off list. Signature recognized fine
and no attachment. So a bug, i.e. the extra attachment, in Enigmail's
reading of mails that have gone through Mailman even though Mailman
produced MIME should be valid?

-- 
Ville



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)

[Antony Prince]

On 3/26/2015 1:57 PM, Ville Määttä wrote:
> On 26.03.15 01:38, Daniele Nicolodi wrote:
>> On 25/03/15 23:56, Ville Määttä wrote:
 On 26.03.15 00:14, Ingo Klöcker wrote:
>> So it's not mailman that's not smart enough, but the mail clients
>> the other recipients are using. Mail clients showing a
>> "signature.asc" attachment probably do not understand PGP/MIME
>> (which isn't that unusual because only a handful mail clients
>> support PGP/MIME out-of-the-box without additional plugins).

 It seems to me that emails sent and signed by Thunderbird +
 Enigmail are displayed just fine by it. No signature.asc quirks.
 But emails sent by others are displaying the attachment in addition
 to the normal Enigmail added UI signature information. Ingo, Doug,
 Samir and Bob; I see the attached file for each of you but not my
 own PGP/MIME mails routed back to me from the list :).
>> The difference must be somewhere else: I use Thunderbird 31.5.0 and
>> Enigmail 1.8 (20150316-1815) and, while it recognizes the signatures,
>> I see the attachment "signature.asc" for all the PGP/MIME signed
>> emails I've checked.
> 
> I sent a signed message to Daniele off list. Signature recognized fine
> and no attachment. So a bug, i.e. the extra attachment, in Enigmail's
> reading of mails that have gone through Mailman even though Mailman
> produced MIME should be valid?
> 

FWIW, I use Thunderbird 31.5.0 and Enigmail 1.8.1 (2015-03-23) and the
signatures verify just fine, but it does show the signature.asc as an
attachment. Viewing my own PGP/MIME mails in the Sent folder does not
show any attachments, but the signature verifies.

-- 

Antony Prince

Key ID: 0x4F040744
Fingerprint: FE96 5B7F A708 18D3 B74B  959F A6E1 6242 4F04 0744
URL: keyserver.blazrsoft.com



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)

[Ville Määttä]

On 26.03.15 18:17, Brian Minton wrote:
> I think gmail is the single most popular email client, with 500 million
> 
> users.

There are about 7,3 billion people out there that don't have a clue what
OpenPGP is.

> I think that until there is a way to verify pgp signatures from
> 
> within gmail, pgp/mime will continue to show up as an attachment.

Why should it? At least for non-Gmail users as well as Gmail users not
using *webmail*.

> There are ways to use pgp/mime or inline pgp with gmail, but nothing
> 
> great.  I'm hopeful for google's end to end, and I currently use
> 
> mailvelope, but as far as I know, neither of those options supports
> 
> PGP/MIME.

Yeah… so? Not all email users are GMail users. Not all GMail users use
the /webmail/ interface. There are a lot of GMail and other /webmail/
users out there but *we really need to stop letting that drag us down*.
Those /webmail/ operators need to get their shit together and start
playing by the rules. It's not our job to do theirs for them.

And until OpenPGP breaks out even of the single digits coverage I really
don't think we should worry about every single use case. Those who care
for OpenPGP can very easily just use something other than webmail.

I just did a test across accounts sending from Thunderbird + Enigmail.
Sure, GMail /webmail/ shows the attachment. In Thunderbird over IMAP the
emails are just fine; "Good signature" and no attachments. Now Google
just needs to go and get their platform up to speed on PGP/MIME.

-- 
Ville



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)

[Brian Minton]

-BEGIN PGP SIGNED MESSAGE-

Hash: SHA256


I think gmail is the single most popular email client, with 500 million

users.  I think that until there is a way to verify pgp signatures from

within gmail, pgp/mime will continue to show up as an attachment.

There are ways to use pgp/mime or inline pgp with gmail, but nothing

great.  I'm hopeful for google's end to end, and I currently use

mailvelope, but as far as I know, neither of those options supports

PGP/MIME.

-BEGIN PGP SIGNATURE-

Version: GnuPG v1


iF4EAREIAAYFAlUUMNoACgkQa46zoGXPuqnDTwD/QapSkfkZDsUfXf1rVw7O3Bbk

VuxnKzl/+sk8EuyD9dcA/RSd31z6jC1u1EFGptqQw3DWpEQqcU1G6LS/GPfclBWN

=hHOn

-END PGP SIGNATURE-
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)

[Xavier Maillard]

Doug Barton  writes:

> On 3/25/15 11:08 AM, Bob (Robert) Cavanaugh wrote:
>> Doug,
>> Signature shows as an attachment "signature.asc". No evidence that PGP 
>> actions were envoked. Work forces use of Synaptic PGP, so I cannot tell if 
>> it is verified or not.
>
> Thanks Bob, that is interesting feedback.
>
> FWIW, I have received various other messages privately from people who
> have said the same thing ... They can see the attachment, but either
> message verification fails, or there is no indication on their side that
> it is a PGP-signed message at all.

I thought your signature was a joke :)

-- Xavier.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)

[Daniele Nicolodi]

On 25/03/15 23:56, Ville Määttä wrote:
> On 26.03.15 00:14, Ingo Klöcker wrote:
>> So it's not mailman that's not smart enough, but the mail clients
>> the other recipients are using. Mail clients showing a
>> "signature.asc" attachment probably do not understand PGP/MIME
>> (which isn't that unusual because only a handful mail clients
>> support PGP/MIME out-of-the-box without additional plugins).
> 
> It seems to me that emails sent and signed by Thunderbird +
> Enigmail are displayed just fine by it. No signature.asc quirks.
> But emails sent by others are displaying the attachment in addition
> to the normal Enigmail added UI signature information. Ingo, Doug,
> Samir and Bob; I see the attached file for each of you but not my
> own PGP/MIME mails routed back to me from the list :).

The difference must be somewhere else: I use Thunderbird 31.5.0 and
Enigmail 1.8 (20150316-1815) and, while it recognizes the signatures,
I see the attachment "signature.asc" for all the PGP/MIME signed
emails I've checked.

Cheers,
Daniele



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)

[Samir Nassar]

On Thursday, March 26, 2015 12:56:03 AM Ville Määttä wrote:
> It seems to me that emails sent and signed by Thunderbird + Enigmail are
> displayed just fine by it. No signature.asc quirks. But emails sent by
> others are displaying the attachment in addition to the normal Enigmail
> added UI signature information. Ingo, Doug, Samir and Bob; I see the
> attached file for each of you but not my own PGP/MIME mails routed back
> to me from the list :).

I am using KMail2 4.14.6 and I see your, Doug's, and Ingo's emails clearly 
even after mailman's modifications and all three are using PGP/MIME from 
different clients (I presume).

Samir

signature.asc
Description: This is a digitally signed message part.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)

[Ville Määttä]

On 26.03.15 00:14, Ingo Klöcker wrote:
> So it's not mailman that's not smart enough, but the mail clients the other 
> recipients are using. Mail clients showing a "signature.asc" attachment 
> probably do not understand PGP/MIME (which isn't that unusual because only a 
> handful mail clients support PGP/MIME out-of-the-box without additional 
> plugins).

It seems to me that emails sent and signed by Thunderbird + Enigmail are
displayed just fine by it. No signature.asc quirks. But emails sent by
others are displaying the attachment in addition to the normal Enigmail
added UI signature information. Ingo, Doug, Samir and Bob; I see the
attached file for each of you but not my own PGP/MIME mails routed back
to me from the list :).

-- 
Ville



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)

[Ingo Klöcker]

On Wednesday 25 March 2015 21:06:53 martijn. list wrote:
> On 03/25/2015 08:41 PM, Doug Barton wrote:
> > On 3/25/15 11:08 AM, Bob (Robert) Cavanaugh wrote:
> >> Doug,
> >> Signature shows as an attachment "signature.asc". No evidence that PGP
> >> actions were envoked. Work forces use of Synaptic PGP, so I cannot
> >> tell if it is verified or not.
> > 
> > Thanks Bob, that is interesting feedback.
> > 
> > FWIW, I have received various other messages privately from people who
> > have said the same thing ... They can see the attachment, but either
> > message verification fails, or there is no indication on their side that
> > it is a PGP-signed message at all.
> > 
> > While this is strictly anecdotal evidence I would argue that it's a good
> > indication that we may not be ready for PGP/MIME as the default.
> 
> It looks like this is caused by the mailing list software (mailman).
> Mailman adds a banner to the mail and therefore the mail is no longer a
> valid PGP/MIME mail. I think mailman should be smart enough not to mess
> with digitally signed mail (same thing happens with S/MIME signed email).

Actually, mailman is that smart. mailman has put the body of the signed 
message together with the corresponding Content-type header as message part 
into a multipart/mixed container and has added the banner as second message 
part to the multipart/mixed container. My mail client (KMail) properly parses 
this "complex" message and shows the signed part and below the unsigned 
mailing list banner.

So it's not mailman that's not smart enough, but the mail clients the other 
recipients are using. Mail clients showing a "signature.asc" attachment 
probably do not understand PGP/MIME (which isn't that unusual because only a 
handful mail clients support PGP/MIME out-of-the-box without additional 
plugins).


Regards,
Ingo


signature.asc
Description: This is a digitally signed message part.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)

[MFPA]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi


On Wednesday 25 March 2015 at 7:41:56 PM, in
, Doug Barton wrote:



> While this is strictly anecdotal evidence I would argue
> that it's a good indication that we may not be ready
> for PGP/MIME as the default.


FWIW, my MUA (The Bat!) shows your photo, then displays:-

  OpenPGP Signature verified OK

  # off=0 ctb=ff tag=63 hlen=2 plen=11 new-ctb
:packet 63: length 11 # off=13 ctb=cb tag=11 hlen=2 plen=0 partial new-ctb
:literal data packet:
mode t (74), created 0, name="",
raw data: unknown length
# off=1118 ctb=89 tag=2 hlen=3 plen=284
:signature packet: algo 1, keyid 5CC686F11A1ABC84
version 4, created 1427312516, md5len 0, sigclass 0x01
digest algo 8, begin of digest fd d6
hashed subpkt 2 len 4 (sig created 2015-03-25)
subpkt 16 len 8 (issuer key ID 5CC686F11A1ABC84)
data: [2046 bits]


I also tried to verify the signature from the message source, just for
shits and giggles. This sometimes works if a PGP/MIME signature won't
verify for me when I click the button. On this occasion it didn't.



- --
Best regards

MFPA  

Don't cry because it is over - smile because it happened
-BEGIN PGP SIGNATURE-

iQF8BAEBCgBmBQJVEyNyXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXweVYIALlTpzYpwzhbKXOsKPfCLTpz
UcnXiZLC6ygyfmHLj7CDppFu2ttdwuMsADXGCHBxZNz6cbtuxYqOyu/Y1zSiGs5o
rQ7d0PoF+c3z1EX5rhunL9iGCTbhJyjwrHpFhqR1C8jMowsJG+MZZ3HdG4ljnDKG
jWeA6SHSOW+2zSCO0TFQPYj15ZOfjmrZYuJ5Jvu9tEnLueQylazYZVs3jbNFHCz4
jjoI0lQ8+crrn8qdjuF2sVOoJjy9Z6s8RspG/LTgV1ltvNihrOXaVbmPcdOg+ys2
SJrT3pyIk2YuVH7TCLGJ+AslJa1Qym2DGW6Z2CMapN7N66EJ4aDyDCHm5iidL/yI
vgQBFgoAZgUCVRMjeF8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45PvMAQC8yP53WL5+7UmeGurK8MjxJ8MS
EjsZ+TREVndPgavlkwEAKOQu0jrgjVUtSrhJJMO3S45cB9bzKIfjEmBH02oA4gI=
=lR1/
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)

[martijn.list]

On 03/25/2015 08:41 PM, Doug Barton wrote:
> On 3/25/15 11:08 AM, Bob (Robert) Cavanaugh wrote:
>> Doug,
>> Signature shows as an attachment "signature.asc". No evidence that PGP
>> actions were envoked. Work forces use of Synaptic PGP, so I cannot
>> tell if it is verified or not.
> 
> Thanks Bob, that is interesting feedback.
> 
> FWIW, I have received various other messages privately from people who
> have said the same thing ... They can see the attachment, but either
> message verification fails, or there is no indication on their side that
> it is a PGP-signed message at all.
> 
> While this is strictly anecdotal evidence I would argue that it's a good
> indication that we may not be ready for PGP/MIME as the default.

It looks like this is caused by the mailing list software (mailman).
Mailman adds a banner to the mail and therefore the mail is no longer a
valid PGP/MIME mail. I think mailman should be smart enough not to mess
with digitally signed mail (same thing happens with S/MIME signed email).

Kind regards,

Martijn Brinkers


-- 
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

http://www.ciphermail.com

Twitter: http://twitter.com/CipherMail

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)

[Samir Nassar]

On Wednesday, March 25, 2015 12:41:56 PM Doug Barton wrote:
> On 3/25/15 11:08 AM, Bob (Robert) Cavanaugh wrote:
> > Doug,
> > Signature shows as an attachment "signature.asc". No evidence that PGP
> > actions were envoked. Work forces use of Synaptic PGP, so I cannot tell
> > if it is verified or not.

Most likely Bob is talking about Symantec PGP which works with MS Outlook.

> Thanks Bob, that is interesting feedback.

This is not new information. If "Synaptic PGP" is indeed Symantec PGP and 
we're talking about Outlook then indeed MS Outlook does not understand 
PGP/MIME.

So yes, we have an extremely outdated mail client manufacturer that is 
unwilling to accomodate PGP/MIME. Users of that mail client have a problem 
with PGP/MIME. Almost no-one else; Thunderbird, KMail2, mutt, even Roundcube, 
the web-based IMAP client, gives a useful message on facing PGP/MIME saying 
something like: This message is encrypted and can't be viewed.

Samir

signature.asc
Description: This is a digitally signed message part.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)

[Doug Barton]

On 3/25/15 1:20 PM, Ville Määttä wrote:

On 25.03.15 21:41, Doug Barton wrote:

While this is strictly anecdotal evidence I would argue that it's a good
indication that we may not be ready for PGP/MIME as the default.


I think that fail, a signature.asc attachment, is still a "cleaner fail"
than a non-PGP receiver getting a breakdown from inline PGP. And that is
for every single email.


How are you using the term "breakdown" here? If their client isn't doing 
PGP they see some extraneous text, and a signature block. While I agree 
that for those not using PGP that is clutter, I am not sure what you 
mean by "breakdown."



I have not received a single question from anyone regarding my PGP/MIME
signed emails. Not one. And I'm talking about the ones that don't use
PGP / have no clue what PGP is.


We've already established that PGP/MIME is a "cleaner" solution for 
those that don't use PGP. I'm not debating that point, and I don't think 
anyone else is either.


The question at hand is for those that *do* use PGP, which is more 
effective? TMK there are no mail clients that fail to process a valid 
in-line signature, but obviously there are still clients that cannot 
correctly handle PGP/MIME.



FWIW, I have received various other messages privately from people who have 
said the same thing ... They can see the attachment, but either message 
verification fails, or there is no indication on their side that it is a 
PGP-signed message at all.


In this one I can see your email with the attachment, but also marked
with a "good signature".


Thank you for confirming, but we're both using Enigmail so I would 
suspect that would be the case. :)  Also, I can see the valid signatures 
on the message that I receive from the list. I'm glad to see that the 
old Mailman bug has been fixed in that regard.


Doug

--
I am conducting an experiment in the efficacy of PGP/MIME signatures. 
This message should be signed. If it is not, or the signature does not 
validate, please let me know how you received this message (direct, or 
to a list) and the mail software you use. Thanks!




signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)

[Ville Määttä]

On 25.03.15 21:41, Doug Barton wrote:
> While this is strictly anecdotal evidence I would argue that it's a good
> indication that we may not be ready for PGP/MIME as the default.

I think that fail, a signature.asc attachment, is still a "cleaner fail"
than a non-PGP receiver getting a breakdown from inline PGP. And that is
for every single email.

I have not received a single question from anyone regarding my PGP/MIME
signed emails. Not one. And I'm talking about the ones that don't use
PGP / have no clue what PGP is.

> FWIW, I have received various other messages privately from people who have 
> said the same thing ... They can see the attachment, but either message 
> verification fails, or there is no indication on their side that it is a 
> PGP-signed message at all.

In this one I can see your email with the attachment, but also marked
with a "good signature".

-- 
Ville



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)

[Doug Barton]

On 3/25/15 11:08 AM, Bob (Robert) Cavanaugh wrote:

Doug,
Signature shows as an attachment "signature.asc". No evidence that PGP actions 
were envoked. Work forces use of Synaptic PGP, so I cannot tell if it is verified or not.


Thanks Bob, that is interesting feedback.

FWIW, I have received various other messages privately from people who 
have said the same thing ... They can see the attachment, but either 
message verification fails, or there is no indication on their side that 
it is a PGP-signed message at all.


While this is strictly anecdotal evidence I would argue that it's a good 
indication that we may not be ready for PGP/MIME as the default.


Doug

--
I am conducting an experiment in the efficacy of PGP/MIME signatures. 
This message should be signed. If it is not, or the signature does not 
validate, please let me know how you received this message (direct, or 
to a list) and the mail software you use. Thanks!




signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users