also sprach Derek Martin <inva...@pizzashack.org> [2009.11.30.0811 +0100]:
> Yes, I mean with any MIME.  PGP predates MIME by about a year, as
> far as I can tell.  So-called "traditional" PGP was intended to be
> used entirely within the message body, because at the time it was
> created there was *only* a message body. :)  So as soon as you start
> adding MIME parts, you've sort of broken that model...

Note that my original message was not about MIME; adding text before
and after the /^-----/ PGP-traditional sentinels does not create
MIME parts.

> Historically, any mailer I'd seen that had any PGP support built
> in would basically do the same thing you would do manually: punt
> the message to PGP, and hand you the results in its viewer or an
> editor. There never was any text outside the PGP portions --
> including text outside the PGP block would have broken replies for
> pretty much everyone -- so this problem was a non-issue.  Besides,
> mixing encrypted and unencrypted data in an e-mail is probably
> a bad idea... it presents more opportunities for accidental
> leakage of secret data.

Of course, but we do have two perfectly normal cases now:

1. full quote of a signed message by a top-poster instead of doing
the right thing.
2. broken mailing list software attaching footers to non-MIME parts
instead of converting the message to MIME.

Yes, both cases would not occur in a perfect world, but since
there's a relatively easy fix, mutt can help for the time being.

> If you're going to use MIME (and you *should*), you should follow
> the standard for using PGP with MIME.  If you're going to include
> in-line PGP inside MIME messages, you should probably expect that
> your mailer might get confused, cuz it's the Wrong Thing (TM)
> (some mailers don't handle in-line PGP at all, IIRC Evolution is
> an example, or was for a while at least).  I should amend that by
> saying if you're going to include in-line PGP anywhere in
> a message, DON'T. ;-)  It might be nice if Mutt could handle this
> better, but it's not a bug, and basically amounts to incorrect
> user expectation.

I think we all use PGP-MIME because we agree with you.
Unfortunately, we failed to make E-mail a tool for clued people
only. Just like we have to put up with design faults in SMTP forever
(it'll take decades until a deprecated feature can be removed), we
need to be able to deal with the PGP-traditional hack, in
combination with the newer technology.

> If you take all that into consideration, I think it's the right
> call to leave it alone, and pressure your peers to stop doing
> things that are broken / obsolete.

The problem comes when they aren't your peers (but e.g. your boss),
or when you deal with Outlook+PGP people, because as far as I know,
there is no way to do PGP-MIME with Outlook.

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
perl -e 'print "The earth is a disk!\n" if ( "earth" == "flat" );'
 
spamtraps: madduck.bo...@madduck.net

Attachment: digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)
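
The two cases named in the message above (a quoted signed message, and a list footer appended to a non-MIME body) come down to which lines fall between the PGP-traditional sentinels. The following Python function is an added example, not part of the original message and not mutt's code; the name `split_inline_pgp` and the sample body are constructed for illustration. It separates text inside a complete clearsigned block from text outside it, and does not verify the signature.

```python
BEGIN_SIGNED = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

# Constructed sample: a top-posted line, a clearsigned block, a list footer.
SAMPLE = """\
Sounds good, see below.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Meet at noon.
- - bring the keys
-----BEGIN PGP SIGNATURE-----

CONSTRUCTEDnotARealSignature
-----END PGP SIGNATURE-----
_______________________________________________
list footer added by the list software
"""

def split_inline_pgp(body):
    """Split a non-MIME body into ("outside" | "inside", text) segments."""
    segments, buf, state = [], [], "outside"

    def flush(kind):
        if buf:
            segments.append((kind, "\n".join(buf)))
            buf.clear()

    for line in body.splitlines():
        marker = line.rstrip()
        if state == "outside" and marker == BEGIN_SIGNED:
            flush("outside")
            state = "headers"
        elif state == "headers":
            if marker == "":      # blank line ends the "Hash:" armor headers
                state = "text"
        elif state == "text" and marker == BEGIN_SIG:
            state = "armor"       # hold buf until the block is known complete
        elif state == "armor":
            if marker == END_SIG:
                flush("inside")
                state = "outside"
        else:
            # Undo dash-escaping ("- " prefix) inside the clearsigned text.
            buf.append(line[2:] if state == "text" and line.startswith("- ") else line)
    flush("outside")              # truncated block: treat as not covered
    return segments
```

A block whose sentinels are prefixed with `> ` by a quoting reply no longer starts with `-----`, so the whole quote is reported as "outside".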
