Why do people send email with an attached public key?

Charly Avital shavital at mac.com
Sat Jun 20 06:45:17 CEST 2009


Steven W. Orr wrote the following on 6/19/09 6:45 PM:
> I see that there are some people who send their messages (especially to this
> list) with their messages signed via an attached signature. I can't imagine
> that this question hasn't been asked before, but is there an advantage to
> doing this vs having an inline signature?
> 
> BTW, I run a mailing list which strips all attachments. If I use a signature
> attachment, am I further limiting an already limited audience?
> 
> TIA

The question about detached signatures (PGP/MIME) has been asked before
in this forum, and in many others that deal with crypto.

First, to answer the question in the subject of your message (BTW, it's
better to avoid inserting questions in an e-mail's subject, just state
the subject):

Attaching the sender's public key to an e-mail is not the same as
signing the e-mail with a detached signature (PGP/MIME). Attaching the
sender's key can be a courtesy to spare recipients the task of searching
for the sender's public key.

Some MUAs will offer you the possibility of either signing both the
e-mail and the attached public key in one single "encapsulated" message,
and that will force PGP/MIME, or to sign the e-mail only, and not the
attached public key.

Other MUAs will automatically force PGP/MIME when the e-mail has an
attachment.



As to the pros and cons, I'll refer you to David Shaw's post to this list:
<http://lists.gnupg.org/pipermail/gnupg-users/2004-April/022208.html>.

There are surely many other posts on the same topic.

Not all MUAs are PGP/MIME compliant.

If your mailing list strips all attachments, that's an additional problem.

Have a fine weekend.
Charly
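
The distinction drawn in the message above, as an added example that is not part of the original post: a Python sketch that reports whether a message carries a PGP/MIME (RFC 3156) signature, an attached public key, or an inline clearsigned body, and what is left after a list forwards only the text part. The sample messages, the `carriers` and `strip_attachments` names, and the stripping behaviour are assumptions made for illustration.

```python
from email import message_from_string  # samples below are constructed; armor bodies are placeholders

PGP_MIME = """\
Subject: demo
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="sig"

--sig
Content-Type: multipart/mixed; boundary="mix"

--mix
Content-Type: text/plain

Hello list.
--mix
Content-Type: application/pgp-keys

(placeholder public key block)
--mix--
--sig
Content-Type: application/pgp-signature

(placeholder detached signature)
--sig--
"""
INLINE = """\
Subject: demo

-----BEGIN PGP SIGNED MESSAGE-----

Hello list.
-----BEGIN PGP SIGNATURE-----
(placeholder signature)
-----END PGP SIGNATURE-----
"""

def carriers(raw):  # report how OpenPGP material is carried in a raw message
    found = set()
    for part in message_from_string(raw).walk():
        ctype = part.get_content_type()
        if ctype == "multipart/signed" and part.get_param("protocol") == "application/pgp-signature":
            found.add("pgp-mime-signature")
        elif ctype == "application/pgp-keys":
            found.add("attached-public-key")
        elif ctype == "text/plain" and "BEGIN PGP SIGNED MESSAGE" in part.get_payload():
            found.add("inline-signature")
    return found

def strip_attachments(raw):  # hypothetical list filter: forward only the first text/plain part
    texts = [p for p in message_from_string(raw).walk() if p.get_content_type() == "text/plain"]
    return "Subject: demo\n\n" + texts[0].get_payload()
```

The check only identifies how the material is carried; it does not verify any signature, and a list that rewrites the body can still invalidate an inline signature that survives stripping.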




