[Enigmail] Survey: Inline-PGP or PGP/MIME

Anne Wilson anne at lydgate.org
Wed Mar 18 16:56:20 CET 2015

Hash: SHA1

On 17/03/2015 20:22, Ludwig Hügelschäfer wrote:
> On 17.03.15 20:00, Anne Wilson wrote:
>> +1.  Perhaps Patrick could point us to a beginners' guide 
>> detailing the differences?
> Inline-PGP: The traditional method. It dates back to the 90s. The 
> ciphertext replaces the plain text of a mail. Attachments were not
>  part of the plan, and had to be signed/encrypted manually and then
>  attached. Later, good mail clients learnt to deal with them and 
> could sign/encrypt them independently and put the mail together 
> automatically. Signed mail can be read using mail clients not
> aware of the OpenPGP content. Signed (not encrypted) HTML content
> is problematic, signature failures happen frequently.
> PGP/MIME: Standardized way (RFC 3156) to deal with signed/encrypted
>  OpenPGP content regardless of the presence of attachments. Puts
> the signed/encrypted content in an attachment. The signature covers
> text and attachments. The mail body itself is empty or has a simple
>  explanatory sentence. Only PGP/MIME-capable mail clients can
> display signed mail. Most modern mail clients support this
> standard, however, the most important that does not is Microsoft
> Outlook. HTML content is covered perfectly.
> Neither of the standards can encrypt mail headers including the 
> subject.
> Hope I didn't forget anything...
That makes things a lot clearer.  I generally use inline, but noticed
that if an attachment is present I was asked if PGP/MIME could be
used.  Perhaps I should move over to always using PGP/MIME, in that case.

Thanks to both of you.

Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/


More information about the enigmail-users mailing list