[Enigmail] Survey: Inline-PGP or PGP/MIME
anne at lydgate.org
Wed Mar 18 16:56:20 CET 2015
-----BEGIN PGP SIGNED MESSAGE-----
On 17/03/2015 20:22, Ludwig Hügelschäfer wrote:
> On 17.03.15 20:00, Anne Wilson wrote:
>> +1. Perhaps Patrick could point us to a beginners' guide
>> detailing the differences?
> Inline-PGP: The traditional method. It dates back to the 90s. The
> ciphertext replaces the plain text of a mail. Attachments were not
> part of the plan, and had to be signed/encrypted manually and then
> attached. Later, good mail clients learnt to deal with them and
> could sign/encrypt them independently and put the mail together
> automatically. Signed mail can be read using mail clients not
> aware of the OpenPGP content. Signed (not encrypted) HTML content
> is problematic, signature failures happen frequently.
> PGP/MIME: Standardized way (RFC 3156) to deal with signed/encrypted
> OpenPGP content regardless of the presence of attachments. Puts
> the signed/encrypted content in an attachment. The signature covers
> text and attachments. The mail body itself is empty or has a simple
> explanatory sentence. Only PGP/MIME-capable mail clients can
> display signed mail. Most modern mail clients support this
> standard, however, the most important that does not is Microsoft
> Outlook. HTML content is covered perfectly.
> Neither of the standards can encrypt mail headers including the
> Hope I didn't forget anything...
That makes things a lot clearer. I generally use inline, but noticed
that if an attachment is present I was asked if PGP/MIME could be
used. Perhaps I should move over to always using PGP/MIME, in that case.
Thanks to both of you.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----
More information about the enigmail-users