Arguments for inline PGP

Michael Daigle list-gnupg at mikedaigle.ca
Wed Aug 10 17:16:07 CEST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

In reply to Chris De Young's message sent 2005-08-09 17:24:

>> I primarily use inlined PGP because I'm tired of having my S/MIME
>> signed mail bounced back to me as undeliverable because "pkcs7
>> signature is listed as a dangerous attachment on this server".
>> What's so dangerous about an S/MIME signature?! Apparently, it's the
>> same danger that's present in a PGP/MIME message - mail server
>> admin stupidity.
>> 
>> It's unfortunate, but it's prevalent - and that's why inlined PGP
>> is a good thing. We can still retain message authentication despite
>> the goof-ball between us and the recipient.
> 
> 
> Why not just encrypt the mail, thus hiding the signature part from
> the goofball?
> 
> As far as the problem with Outlook, don't use it, and if you have to
> send mail to Outlook users who complain, there's probably no point in
> signing it in the first place -- they don't care and won't ever
> check it.
> 
> Maybe there are a few who wonder enough what it is you're sending
> them to go figure it out; if so, that's a win, but I doubt it happens
> very often.  :)

I don't think your reply was to be directed to me. I don't use Outlook
(I use Thunderbird).

Why not just encrypt the mail? Of course that's the obvious solution,
and the preferred way to send mail (encrypted!!!). The problem is that
you don't possess the company's (or the particular staff members')
public key. And well, if your S/MIME signed message is being rejected,
it's a strong indication they don't use any form of secure MIME
messaging at the company, so encryption is not an option.

If you send a PGP clear-signed message, you can at least provide
yourself with message authentication (i.e., if they can't quote a
verifiable message, they can't prove that's what you said).


- --
Mike Daigle                                   http://www.mikedaigle.ca
My PGP Key                                 mailto:pgpkey at mikedaigle.ca
Gossamer Spider Web of Trust                      http://www.gswot.org
Get Your Own Subdomain!                  http://www.gswot.org/yourname

-----BEGIN PGP SIGNATURE-----
Comment: GSWoT - Gossamer Spider Web of Trust - www.gswot.org

iD8DBQFC+ho2NuccKlqTLlMRA1jPAKCQFxcULcIOcf20mEEsBjWEjqcH6QCgjtBw
ufEhrNdV4f+deJTPk8xfyS8=
=VbFp
-----END PGP SIGNATURE-----
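
An added illustration, not part of the original message: a hypothetical mail gateway that rejects by MIME part type bounces S/MIME and PGP/MIME detached signatures, while a clear-signed message passes because its signature sits inside the text/plain body. The policy set `BLOCKED_TYPES`, the function names and the placeholder signature bytes are assumptions made for this sketch.

```python
import email
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Hypothetical gateway policy: part types treated as "dangerous attachments".
BLOCKED_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature",
                 "application/pgp-signature"}
SIG = b"PLACEHOLDER-NOT-A-REAL-SIGNATURE"  # constructed sample, not a signature

def detached(body, protocol, micalg):
    """multipart/signed layout used by S/MIME and PGP/MIME."""
    msg = MIMEMultipart("signed", protocol=protocol, micalg=micalg)
    msg.attach(MIMEText(body))
    msg.attach(MIMEApplication(SIG, _subtype=protocol.split("/", 1)[1]))
    return msg

def inline(body):
    """Clear-signed layout: armor lines and signature are ordinary body text."""
    # Dash-escaping: body lines starting with "-" get a "- " prefix so they
    # cannot be mistaken for armor lines (hence "- --" before a signature block).
    escaped = "\n".join("- " + l if l.startswith("-") else l
                        for l in body.splitlines())
    return MIMEText("-----BEGIN PGP SIGNED MESSAGE-----\nHash: RIPEMD160\n\n"
                    + escaped + "\n-----BEGIN PGP SIGNATURE-----\n\n"
                    + SIG.decode() + "\n-----END PGP SIGNATURE-----\n")

def gateway_verdict(msg):
    """Serialize, re-parse as a relay would, then check every MIME part type."""
    received = email.message_from_bytes(msg.as_bytes())
    for part in received.walk():
        if part.get_content_type() in BLOCKED_TYPES:
            return ("reject", part.get_content_type())
    return ("deliver", None)

def signed_text_survives(msg):
    """True if the clear-sign armor is still present in the delivered body."""
    received = email.message_from_bytes(msg.as_bytes())
    body = received.get_payload()
    return isinstance(body, str) and "-----BEGIN PGP SIGNATURE-----" in body

if __name__ == "__main__":
    sample = "Please confirm my order.\n--\nSender"  # constructed sample body
    for name, m in [("S/MIME", detached(sample, "application/pkcs7-signature", "sha1")),
                    ("PGP/MIME", detached(sample, "application/pgp-signature", "pgp-ripemd160")),
                    ("inline", inline(sample))]:
        print(name, gateway_verdict(m))
```
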


