dual signatures
Erpo
erpo41 at hotpop.com
Fri Jan 21 03:45:41 CET 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Every so often on this list there's a discussion about
the two main methods for signing an email: clearsigning
(BEGIN PGP SIGNED MESSAGE style) and PGP/MIME (attachment
style).
Personally, I find clearsigning annoying because I use
Evolution which only reads PGP/MIME. Other people find
PGP/MIME annoying since their mail clients only read
clearsigned messages.
Here's a suggestion I haven't seen before: why not sign
both ways? As a test, I'm going to clearsign this message
with gpg before I paste it into evolution's message
window. If it works, you can all enjoy seeing your mail
client not be able to verify my message because I'm not
on your keyring. Clearsign-only clients will ignore the
"extra" meaningless attachment. PGP/MIME-only clients will
verify the clearsigned text (including the "extra" PGP
headers) using the attachment.
Is there a good reason for mail clients not to do this
automatically?
- --
Erpo <erpo41 at hotpop.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFB8GyvTHFDLY02QhYRAvlNAKCM5k1dsP1q43h33zJ8XATscaeycwCfet3h
DDdX/2zNMf1h/5+lMQ1YDS8=
=M3BM
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : /pipermail/attachments/20050120/196f4ba1/attachment.pgp
More information about the Gnupg-users
mailing list