On Apr 20, Ron Murray wrote > It seems a few of you are using a mail agent that's capable of > generating a detached PGP certificate of your message and including it as a > MIME type of application/pgp-signature, apparently under the impression > that we're all going to take the time to check whether or not it was really > you who sent that embarrassing message.
Not at all. The point of PGP/MIME (I believe that's what it's called) is that the whole business of signing, checking signatures, etc. can be cleanly and easily automated. I'm sure someone will be able to point you to the relevant RFC if you want to know more. > I don't know how the average Linux mailer handles these, but I use > Windows 95 (no, don't bother flaming) in my main machine, with Eudora as my > mailer. I'm getting a little tired of my attachment directory filling up > with little PGP signatures which contain no indication of which message > they belong to, even if I wanted to crank up PGP to check them, which I > don't. (Note: this is NOT an attack on PGP: I use it myself. The issue is > that I don't need any help to clutter up my hard drive -- I can manage that > quite well on my own, thank you very much). Usually quite nicely. For instance with pine, you get a few lines at the bottom of the message saying "Unknown type application/pgp-signature", use 'V S' to save to a file" or something like that. You mean that Eudora dump all the attachments it sees into a directory? Isn't the point of an attachment that it should stay attached to the mail it came with (until you detach it)? Ugh. That pretty much rules out Eudora for me as a windows email program. > Since I've written a Eudora 3.x plug-in to interface with PGP anyway, I > thought I'd add a translator for these signatures and have it discard them. > I think it should work, but I have no way to test it except to wait for a > Debian user digest with a signature in it, and see what happens -- and, > would you believe it, since I've written the translator, no PGP signatures > have turned up! Ask and you shall receive! <grin> (Yes, I'm one of those people that sign their emails using PGP/MIME.) > A better way to test it, of course, would be to obtain whichever mail > agent generates these things, install it on my Linux machine, and send > messages to myself for collection with Eudora. In the interests of harmony, > can one of you people who are generating these detached PGP certificates > tell me what mail agent you're using to generate them? And, if it's a > little obscure, or hard to obtain outside the USA, a site I can obtain it > from? One of the mailers is mutt, available as a Debian package on your nearest Debian mirror. But instead of writing a plugin that discards the signatures, wouldn't you want to write a plugin that uses PGP to check them? Christian
pgpT9qWtbvZi8.pgp
Description: PGP signature
