Ryan Malayter wrote: >> >> HTML + OpenPGP = FAIL. >> >> In English: HTML screws up OpenPGP. You don't want it. There are other >> reasons why you don't want HTML anyway but I won't go into them here. > > > Actually, when I sign an HTML email with GPGOL, and send it to my > Gmail account, I seem to get this on the receiving end: > > 1) A plain text version of the message, signed in-line. > > 2) An attachment of .HTML type, which contains the original unaltered > HTML message. > > 3) A second attachment, which is seems to be an ASCII detached > signature of the first attached HTML file. >
You just discovered the second reason why HTML email is evil: it sends
everything TWICE. For people still on 33.6kb/s dialup that is a major
inconvenience.
> Does any other OpenPGP client handle this "attachment" result? Or do
> you need to save the attachments and manually verify the detached
> signature? GPGOL itself doesn't seem to read this "exploded" format,
> even though it creates it. GPGOL only verifies the plain text version.
>
PGP/MIME capable mail clients /may/ handle it, but you'd have to
actually try it to be certain. Such a test should be conducted off-list
in order to avoid flames for an HTML posting.
--
Alphax
Death to all fanatics!
Down with categorical imperative!
OpenPGP key: http://tinyurl.com/lvq4g
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
