Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. GnuPG>
  3. users
GPG/PGP and Mail (was: Re: GnuPG: what email client should i use?)
Nils at infosun
Jul 26, 2000, 1:35 AM
Post #1 of 6 (618 views)
Permalink
>>>"t" == thi <ttn@netcom.com> writes:

t> gnu emacs and mailcrypt.el.

That's what I'm using right now, however there are some
shortcomings. The big issue is which standard to use and only after
that, which mailreader to use.

In general, there are three popular options for encrypted mail:

- PGP Ascii armor (used by Emacs/Mailcrypt and lot's of other
mailers. This is the "old" standard. No MIME support whatsoever, just
plain text.)

- PGP/MIME and OpenPGP [RFC 2015 and 2440] (This is what Mutt, Pine,
Emacs/Mew a.s.o. use. It's MIME multipart/encrypted. From "our"(i.e. gpg)
point of view, this would in theory be the best to use.

However, there is also:

- S/MIME: also RSA based encrypted-MIME mail format defined by an
industry consortium. Slightly different design choices from PGP/MIME
and not compatible. (implemented by Netscape, MS Outlook and others)


Now the bad news:

- S/MIME and OpenPGP are being developed independently and can, so far,
not interact with each other. It would be by far more preferable to have
just one standard. The Internet Mail Consortium is aware of this
problem, a discussion is here: http://www.imc.org/smime-pgpmime.html.
There are rumours that they might be merged. That'd be good news. But
then you need mail clients to support this.

- If we leave S/MIME aside, you've still got to decide whether to use
Ascii armor or PGP/MIME. I found (so far) no Unix-based mailreader that
can handle both (but there might be some, who knows. Maybe pine). It
really depends on the person you're mailing with which format to use.

So coming back to the question which mailreader to chose: you have to
take into account

- Do you need MIME?
- What format are the people using you're communicating with?

Personally, I stick with mailcrypt as I found most people in my reach
are still using Ascii armor. However, it has several bugs/misfeatures
(especially when using it with a non-7bit Ascii character set), but I
don't see an alternative. If someone writes a good Emacs mail client
that can handle both formats, or even better, adds this functionality to
an existing mail client like VM or GNUS, I'm sure he'll get his merits :-)

Cheers,
Nils
--
Nils Ellmenreich - Fakultaet fuer Math./Informatik - Nils @
http://www.fmi.uni-passau.de/~nils - Univ. Passau - Uni-Passau.DE
Re: GPG/PGP and Mail (was: Re: GnuPG: what email client should i use?) [ In reply to ]
homega at ciberia
Jul 26, 2000, 2:28 AM
Post #2 of 6 (616 views)
Permalink
El mié, 26 de jul de 2000, a las 10:35:28 +0200, Nils Ellmenreich dijo:
>
> - If we leave S/MIME aside, you've still got to decide whether to use
> Ascii armor or PGP/MIME. I found (so far) no Unix-based mailreader
> that can handle both (but there might be some, who knows. Maybe pine).
> It really depends on the person you're mailing with which format to
> use.

AFAIK mutt can handle both application/pgp (ascii) and pgp/mime. It's
been doing that for quite a while. Also, I heared about some
developement towards supporting s/mime in mutt some time ago, but I
don't know the current state of it.


Regards,

--
Horacio Anno MMDCCLIII A.U.C.
mailto:hacho@crosswinds.net
~Spain ~Spanje ~Spanien
--------------------------------------------------------------------
Key fingerprint = F4EE AE5E 2F01 0DB3 62F2 A9F4 AD31 7093 4233 7AE6
Re: GPG/PGP and Mail (was: Re: GnuPG: what email client should i use?) [ In reply to ]
Florian.Weimer at RUS
Jul 26, 2000, 3:21 AM
Post #3 of 6 (619 views)
Permalink
Nils@infosun.fmi.uni-passau.de (Nils Ellmenreich) writes:

> If someone writes a good Emacs mail client
> that can handle both formats, or even better, adds this functionality to
> an existing mail client like VM or GNUS, I'm sure he'll get his merits :-)

Some people are supposed to work on a Gnus extension for handling
MIME-PGP messages. There are already some early results, but
currently, most developers seem too busy to do anything useful.

There's a mailing list, see

http://cert.uni-stuttgart.de/mailman/listinfo/gnus-rfc2015

or

echo subscribe | mail gnus-rfc2015-request@cert.uni-stuttgart.de
Re: GPG/PGP and Mail (was: Re: GnuPG: what email client should i use?) [ In reply to ]
sam at cogent
Aug 1, 2000, 4:55 PM
Post #4 of 6 (613 views)
Permalink
Quoting "L. Sassaman" <rabbi@quickie.net>, who wrote:
>
> On Wed, 26 Jul 2000, Horacio MG wrote:
>
> > El mié, 26 de jul de 2000, a las 10:35:28 +0200, Nils Ellmenreich dijo:
> > >
> > > - If we leave S/MIME aside, you've still got to decide whether to use
> > > Ascii armor or PGP/MIME. I found (so far) no Unix-based mailreader
> > > that can handle both (but there might be some, who knows. Maybe pine).
> > > It really depends on the person you're mailing with which format to
> > > use.
> >
> > AFAIK mutt can handle both application/pgp (ascii) and pgp/mime. It's
>
> application/pgp is not regular ASCII-armored mail. application/pgp should
> never be used.

It's deprecated by mutt, but they do support it. The preferred method is
the standard MIME multipart/encrypted and multipart/signed types.

> What is so wrong with using regular text?

The same thing that's wrong with pre-MIME uuencoded in-line files. MIME is
the right way to communicate that the message is signed or encrypted, not
stuffing strings into the message body. It's bound to be got wrong by
somebody (in uuencodings case you used to be able to put a string that
looked like the beginning of a uuencode attachment in mail, and outlook users
wouldn't be able to read it. Outlook would autodetect the attachment
and mangle the rest of the message, maybe you still can, so its a good way
to write secret email unreadable by many windows users...).

It's kind of frustrating that so few mailers understand MIME structured
pgp messages, even though they use MIME already. Does anybody know whether
the pgp support for Outlook or any other windows mailer has been updated
to grok the RFC1847/2015 MIME types?

Sam

p.s.

I don't have the RFCs handy, and my memory is poor, but I think pgp/mime
is the pre-OpenPRP RFC, and thus is NOT what mutt uses.

--
Sam Roberts (sam@cogent.ca), Cogent Real-Time Systems (www.cogent.ca)
Re: GPG/PGP and Mail (was: Re: GnuPG: what email client should i use?) [ In reply to ]
Nils at infosun
Aug 2, 2000, 12:36 AM
Post #5 of 6 (620 views)
Permalink
L. Sassaman wrote:

> application/pgp is not regular ASCII-armored mail. application/pgp should
> never be used.

> What is so wrong with using regular text?

Nothing's wrong with it unless you want to sign and/or encrypt mails
with attachments. I'd like to sometimes, but then mailcrypt doesn't
support it. And we're beyond the times of uuencode. Right now, the best
thing is to have a mailer that can handle both, ascii armor and
RFC2015. For the future, it'd be great to have just one sufficiently
general standard that all/most mailers can handle.

Cheers, Nils
--
Nils Ellmenreich - Fakultaet fuer Math./Informatik - Nils @
http://www.fmi.uni-passau.de/~nils - Univ. Passau - Uni-Passau.DE

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org
Re: GPG/PGP and Mail (was: Re: GnuPG: what email client should i use?) [ In reply to ]
wk at gnupg
Aug 2, 2000, 1:01 AM
Post #6 of 6 (615 views)
Permalink
On Tue, 1 Aug 2000, Sam Roberts wrote:

> I don't have the RFCs handy, and my memory is poor, but I think pgp/mime
> is the pre-OpenPRP RFC, and thus is NOT what mutt uses.

Mutt uses RFC2015 which is the pgp/mime. There is a new darft which
updates on this and allows for multiple signature on a mail suing
different protocols.

Werner

--
Werner Koch GnuPG key: 621CC013
OpenIT GmbH http://www.OpenIT.de

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal