[linux-elitists] Fwd: PGP signature attachments!

Rick Moen rick@linuxmafia.com
Fri Sep 7 23:02:35 PDT 2001

[Pointedly disregarding the recent dual soliloquies without dialogue
between Karsten and Sean.]

begin  Marc MERLIN quotation:

> No thank you, I don't want to see your PGP stuff in the body of your
> mail.  With mime, I don't have to look at it if I don't want to.

That's precisely the quandary we're all in:

o  Using MIME-delimited signing routinely would be good for the Net,
   o  Pipermail and co. aren't yet able to handle it correctly.
   o  It then becomes difficult to convincingly tell naive users
      "Please don't send HTML/attachments/MIME to random newsgroups/
       mailing lists", when you have to append long explanations 
       that "nonetheless, crypto-signing MIME attachments are an
       exception and are perfectly OK".
o  Using clearsigning would be the next-best thing, except that it
   puts crypto junk in _everyone's_ faces.

Short-term good is at odds with long-term good, and good solutions
aren't obvious.

Absent such a solution, here's my current, unsatisfying strategy:

o  procmail rewrites incoming clearsigned mail to RFC2015 format.
o  mutt/GnuPG correctly handle incoming RFC2015-signed mail.
o  I don't routinely sign outgoing mail.
o  On the rare occasions when I do, I clearsign.

That strategy is relatively bad for the future, and relatively good for
the present.  It means I deal neatly with all incoming signatures of
both types, don't garbage up list archives, and still can sign mail
authoritatively when I feel a compelling need.  On the down side, it
fails to advance the use of routine signing and encryption, and fails
to press home the need to accommodate it in places like pipermail.

Ah well.

Cheers,               Everything is gone;
Rick Moen             Your life's work has been destroyed.
rick@linuxmafia.com   Squeeze trigger (yes/no)?
                       -- David Carlson (winner, haiku error message contest)
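
[Added example, not part of the original post: a Python function that
tells the two signature formats discussed above apart (RFC 2015
multipart/signed versus inline clearsigning) and recovers the readable
text, which is what an archiver needs in order to display either one
cleanly.  The name classify and the sample messages are constructed for
illustration; the signature bodies are placeholders.]

```python
import email
from email import policy

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"

def classify(raw):
    """Return (kind, readable_text); kind is 'pgp-mime', 'clearsigned' or 'unsigned'."""
    msg = email.message_from_string(raw, policy=policy.default)
    if (msg.get_content_type() == "multipart/signed"
            and msg.get_param("protocol") == "application/pgp-signature"):
        # RFC 2015: part 1 is the signed text, part 2 the detached signature,
        # so a MIME-aware reader can show part 1 alone.
        # Assumption: the signed part is a single text part.
        first = next(msg.iter_parts(), None)
        if first is not None:
            return "pgp-mime", first.get_content()
    body = "" if msg.is_multipart() else msg.get_content()
    lines = [line.rstrip() for line in body.splitlines()]
    try:
        start = lines.index(BEGIN_MSG)
        blank = lines.index("", start)       # blank line ends the "Hash:" armor headers
        sig = lines.index(BEGIN_SIG, blank)
    except ValueError:
        return "unsigned", body
    # Clearsigning dash-escapes lines that begin with "-"; undo that for display.
    text = [l[2:] if l.startswith("- ") else l for l in lines[blank + 1:sig]]
    return "clearsigned", "\n".join(text)

# Constructed samples; PLACEHOLDER stands in for the signature data.
CLEARSIGNED = (
    "From: a@example.org\nSubject: test\n\n"
    "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n"
    "Hello list.\n- - item one\n"
    "-----BEGIN PGP SIGNATURE-----\n\nPLACEHOLDER\n-----END PGP SIGNATURE-----\n"
)
PGP_MIME = (
    "From: a@example.org\nSubject: test\nMIME-Version: 1.0\n"
    'Content-Type: multipart/signed; micalg=pgp-sha1; '
    'protocol="application/pgp-signature"; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nHello list.\n"
    "--b1\nContent-Type: application/pgp-signature\n\n"
    "-----BEGIN PGP SIGNATURE-----\n\nPLACEHOLDER\n-----END PGP SIGNATURE-----\n"
    "--b1--\n"
)

if __name__ == "__main__":
    for sample in (CLEARSIGNED, PGP_MIME):
        print(classify(sample))
```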

