[linux-elitists] Fwd: PGP signature attachments!
Fri Sep 7 23:02:35 PDT 2001
[Pointedly disregarding the recent dual soliloquies without dialogue
between Karsten and Sean.]
begin Marc MERLIN quotation:
> No thank you, I don't want to see your PGP stuff in the body of your
> mail. With mime, I don't have to look at it if I don't want to.
That's precisely the quandry we're all in:
o Using MIME-delimited signing routinely would be good for the Net,
o Pipermail and co. aren't yet able to handle it correctly.
o It then becomes difficult to convincingly tell naive users
"Please don't send HTML/attachments/MIME to random newsgroups/
mailing lists", when you have to append long explanations
that "nonetheless, crypto-signing MIME attachments are an
exception and are perfectly OK".
o Using clearsigning would be the next-best thing, except that it
puts crypto junk in _everyone's_ faces.
Short-term good is at odds with long-term good, and good solutions
Absent such a solution, here's my current, unsatisfying strategy:
o procmail rewrites incoming clearsigned mail to RFC2015 format.
o mutt/GnuPG correctly handle incoming RFC2015-signed mail.
o I don't routinely sign outgoing mail.
o On the rare occasions when I do, I clearsign.
That strategy is relatively bad for the future, and relatively good for
the present. It means I deal neatly with all incoming signatures of
both types, don't garbage up list archives, and still can sign mail
authoritatively when I feel a compelling need. On the down side, it
fails to advance the use of routine signing and encryption, and fails
to press home the need to accomodated it in places like pipermail.
Cheers, Everything is gone;
Rick Moen Your life's work has been destroyed.
firstname.lastname@example.org Squeeze trigger (yes/no)?
-- David Carlson (winner, haiku error message contest)
More information about the linux-elitists