[Gpg4win-devel] signature in body: no-mime and new "double no-mime"

Dr. Peter Voigt pvoigt at uos.de
Sun Aug 25 14:33:43 CEST 2013 

Am Wed, 21 Aug 2013 09:05:08 +0200
schrieb Bernhard Reiter <bernhard at intevation.de>:

> Hi friends of Gpg4win and crypto-emails,
> 
> here is a short note about terminoloy and signatures in email:
> 
> Precondition:
> The prefered way of handling signature in emails today is MIME!
> This way you can have attachments signed as well, there are no
> encoding problem and there is an easy way to encrypt a signed
> structure. Also all MIME compatible clients will show the test, even
> if they cannot understand the signature. This is best for the user
> experience and compatibility. In short: You really want MIME!
> 
> Old term "clearsign" missleads, "no-mime" is better:
> In absense of proper MIME handling (e.g. for Outlook or Lotus Notes)
> one solution to sign an email body is to do something like
>    ----BEGIN PGP SIGNED MESSAGE-----
>    This is the text.
>    -----BEGIN PGP SIGNATURE-----
>    iQEXYZXYZ
>    -----END PGP SIGNATURE-----
> some people used to call this "clearsigned", but I believe this to be 
> missleading. "clear" is something positive, something you would want.
> But we know that the user experience is much better with the PGP/MIME
> way of clearsigning the mail body. The chance to see the text
> correctly with PGP/MIME is much higher and the email is better
> structured, aka more clearly structured. Therefore I suggest we give
> the old format a different name: "no-mime signed".
> 
> We will certainly use "no-mime" signature as a description of this
> less wanted method to sign a mail body contents everywhere. No-mime
> maybe a slightly better solution that just using attachments for
> email communication, but at least its name is more intuitive.
> 
> 
> An new format to try out: "double no-mime signature":
> To deal with the encoding problem, GPGOl 1.2.0 offer a new format for
> Outlook 2010 and 2013. Its structure is:
>   This is the Text
>   -----BEGIN PGP MESSAGE-----
>   XYZXYZ                        <- contains "This is the Text"
>   -----END PGP MESSAGE-----
> The body text is included twice, so we call it "double no-mime".
> Advantage: works with PGP And CMS, less enconding problems.
> Possible disadvantage: Other clients do not display the contained
> text, but the surrounding text instead. We will seek feedback on this
> and will evaluate if this new format is an improvement or not. And we
> may remove it again.
> 
> Best,
> Bernhard
> 
> 

Thanks, Bernhard, for details on this interesting topic. Even if there
has not yet been much feedback on this, I ask you to keep the list
informed on it.

Just recently, e.g. one week ago, I had problems with some
communication partners using Outlook 2010 with Gpg4win. Their signed or
enrypted messages procuded all kinds of problems including scrambled and
unreadable messages. Claws Mail under Windows even crashed sometimes so
that I finally decided to delete the messages. I could convince them to
use Thunderbird which immediately solved all problems.

Unfortunately, I cannot finally give any wishes or recommendations on
this new format because I have no Outlook client available. On the
other side it would be helpful, if you could provide at least two test
messages that I will read with my different mail clients:

- One signed message only.
- One signed and encrpyted message. I'm not sure from your posting, if
  the new "double no-mime signature" refers to signed only messages
  only or if it applies to encrypted messages as well.

Best would be, of course, if Outlook will support PGP/MIME in the
nearest future :-).

Regards,
Peter

More information about the Gpg4win-devel mailing list