PGP/MIME considered harmful for mobile

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Feb 25 04:15:56 CET 2011


On 02/24/2011 08:22 PM, Robert J. Hansen wrote:
> On Android's mail application, PGP/MIME attachments are nigh-unusable.
> It won't render even the plaintext portions: it has to be downloaded and
> opened with a text reader.  If you're concerned about your mail being
> readable on a mobile device (which is increasingly important nowadays),
> you might want to consider switching to inline signatures.

Hm.  maybe i don't know what you mean here, but i just tried to verify
this with a colleague, and i've come to a different conclusion.

I sent a simple text/plain e-mail wrapped in a PGP/MIME signature,
generated by enigmail (like this one).

that is, the message i sent is structured like this:

└┬╴multipart/signed 2181 bytes
 ├╴text/plain 219 bytes
 └╴application/pgp-signature attachment [signature.asc] 1030 bytes

my colleague is using the application named "email", version 2.2.2 on a
stock 2.2.1 motorola droid.

He wrote me back:

>> The email shows fine, but when I try to view the attachment the email
>> application says it "cannot be displayed".

So, to be clear:  PGP/MIME-signed plaintext mail did not cause any
problems with rendering on android in my test.  The basic e-mail
application is unable to verify the signature, but i think we knew that
already.

I do *not* consider PGP/MIME harmful for mobile.

Regards,

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110224/9b26ce81/attachment.pgp>


More information about the Gnupg-users mailing list