Hi Bjarni,

On Sun, 23 Nov 2014 14:12, b...@pagekite.net said:

> https://www.mailpile.is/blog/2014-11-21_To_PGP_MIME_Or_Not.html

Not read (yet).

> The "tl;dr" is that it might be worth dropping PGP/MIME for outgoing
> encrypted mail and instead use a more ad-hoc approach which

Please don't do this.  In particular the encrypted format is so easy to
create and parse that it is not worth even thinking about it.  Yes,
there are two MIME parts but you can ignore the first part and it is
even possible to decrypt such a simple mail without any MIME knowledge.
Creating is even easier, you can use a hard wired boundary.

Signing is a bit more complete but for years there is no problem with
such mails anymore - all MUAs are able to display the text and those
not capable of PGP/MIME ignore the signature. 

I would suggest to ignore the micalg parameter - use pgp-sha1 if you
create one but do not compare it when reading.

> interoperates with more mail clients. I'm also tentatively proposing an
> approach to reducing the header metadata leakage (Subject, From, To,
> etc. being sent in the clear).

Wrap in a message/rfc822 part.

> As folks on this list have been using GPG in the real world longer than
> most, I would very much appreciate your feedback, experience and

It has always been a heated discussion for close to 20 years.  The
non-US people mostly preferring PGP/MIME and the US people clear text
signatures.

Even S/MIME has meanwhile completely moved away from opaque signatures.
Thus by supporting PGP/MIME you only need one framework and no alien
stuff like PGP cleartext signed messages without the ability to attach
something.



Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
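
The points made in the message above (a hard-wired boundary when creating, decrypting without MIME knowledge, and wrapping in a message/rfc822 part to keep headers out of the clear), as an added Python example that is not part of the original mail. The function names, the boundary string, the addresses and the placeholder armor block are assumptions; the encryption step itself is left to an OpenPGP tool.

```python
import re

# Hard-wired boundary (assumed name). Armored data only has "-----BEGIN"/"-----END"
# lines, armor headers, base64 lines and a "=" checksum line, so no line of it
# can ever start with "--" + BOUNDARY.
BOUNDARY = "pgpmime-fixed-boundary"
ARMOR_RE = re.compile(
    r"-----BEGIN PGP MESSAGE-----\r?\n.*?\r?\n-----END PGP MESSAGE-----", re.S)

def wrap_rfc822(inner_headers, body):
    """Plaintext for the encryption step: the real headers travel inside a
    message/rfc822 part, so they end up covered by the encryption."""
    inner = "".join(f"{k}: {v}\r\n" for k, v in inner_headers.items())
    return ("Content-Type: message/rfc822\r\n\r\n" + inner
            + "Content-Type: text/plain; charset=utf-8\r\n\r\n" + body + "\r\n")

def build_pgp_mime(outer_headers, armored):
    """RFC 3156 multipart/encrypted: fixed control part, then the armored data."""
    head = "".join(f"{k}: {v}\r\n" for k, v in outer_headers.items())
    return (head + "MIME-Version: 1.0\r\n"
            'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";\r\n'
            f' boundary="{BOUNDARY}"\r\n\r\n'
            f"--{BOUNDARY}\r\n"
            "Content-Type: application/pgp-encrypted\r\n\r\nVersion: 1\r\n\r\n"
            f"--{BOUNDARY}\r\n"
            "Content-Type: application/octet-stream\r\n\r\n"
            + armored + "\r\n"
            f"--{BOUNDARY}--\r\n")

def extract_armored(raw):
    """Reader with no MIME knowledge: ignore the first part and every header,
    and pick out the armor block to hand to the decryption step."""
    m = ARMOR_RE.search(raw)
    return m.group(0) if m else None

# Constructed placeholder, NOT real ciphertext. In practice this is the
# ASCII-armored result of encrypting wrap_rfc822(...) to the recipient.
SAMPLE_ARMORED = ("-----BEGIN PGP MESSAGE-----\r\n\r\n"
                  "Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=\r\n=AAAA\r\n"
                  "-----END PGP MESSAGE-----")

if __name__ == "__main__":
    inner = wrap_rfc822({"From": "alice@example.org", "To": "bob@example.org",
                         "Subject": "real subject"}, "hello")
    mail = build_pgp_mime({"From": "alice@example.org", "To": "bob@example.org",
                           "Subject": "Encrypted message"}, SAMPLE_ARMORED)
    print(inner, mail, extract_armored(mail), sep="\n---\n")
```
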
