[Gpg4win-devel] signature in body: no-mime and new "double no-mime"

Bernhard Reiter bernhard at intevation.de
Wed Aug 21 09:05:08 CEST 2013


Hi friends of Gpg4win and crypto-emails,

here is a short note about terminoloy and signatures in email:

Precondition:
The prefered way of handling signature in emails today is MIME!
This way you can have attachments signed as well, there are no encoding 
problem and there is an easy way to encrypt a signed structure. Also all
MIME compatible clients will show the test, even if they cannot understand
the signature. This is best for the user experience and compatibility.
In short: You really want MIME!

Old term "clearsign" missleads, "no-mime" is better:
In absense of proper MIME handling (e.g. for Outlook or Lotus Notes)
one solution to sign an email body is to do something like
   ----BEGIN PGP SIGNED MESSAGE-----
   This is the text.
   -----BEGIN PGP SIGNATURE-----
   iQEXYZXYZ
   -----END PGP SIGNATURE-----
some people used to call this "clearsigned", but I believe this to be 
missleading. "clear" is something positive, something you would want.
But we know that the user experience is much better with the PGP/MIME
way of clearsigning the mail body. The chance to see the text correctly with 
PGP/MIME is much higher and the email is better structured, aka more clearly 
structured. Therefore I suggest we give the old format a different 
name: "no-mime signed".

We will certainly use "no-mime" signature as a description of this less wanted
method to sign a mail body contents everywhere. No-mime maybe a slightly 
better solution that just using attachments for email communication, but
at least its name is more intuitive.


An new format to try out: "double no-mime signature":
To deal with the encoding problem, GPGOl 1.2.0 offer a new format for Outlook 
2010 and 2013. Its structure is:
  This is the Text
  -----BEGIN PGP MESSAGE-----
  XYZXYZ                        <- contains "This is the Text"
  -----END PGP MESSAGE-----
The body text is included twice, so we call it "double no-mime".
Advantage: works with PGP And CMS, less enconding problems.
Possible disadvantage: Other clients do not display the contained text, but 
the surrounding text instead. We will seek feedback on this and will evaluate 
if this new format is an improvement or not. And we may remove it again.

Best,
Bernhard




-- 
www.intevation.de/~bernhard (CEO)    www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-devel/attachments/20130821/1601f7b6/attachment.sig>


More information about the Gpg4win-devel mailing list