Hi Patrick, I realize that the link I posted does not give any details. However, this all solved for DKIM by specifying exactly which parts of the message have been signed within the header. For PGP, you may want to sign the body of the message instead, but this may just be done in the same way as it is done in PGP/Mime with the only exception that the PGP signature is not an attachment to the message but posted in the header.
I actually see encryption as less of an issue. When I send an encrypted message to someone, I need to know for sure that the recipient knows about PGP encryption and knows how to decode it. If I send an encrypted message to someone who does not use PGP, he/she cannot read it, no matter what. For signing, it is a different story because I'd like to set up my client to sign all my outgoing messages and people can either verify the signature or don't care. However, currently, it's working counterproductive as people start to distrust the unknown attachments or appended incomprehensible code in my messages. Regards, Egbert On 03/15/2014 06:10 PM, Patrick Brunschwig wrote: > On 15.03.14 16:41, Egbert van der Wal wrote: > > Hi, > > > Sorry if this has been asked before, I searched the archives and > > found no references to the same thing. > > > I'm looking into setting up PGP signing and encryption. Especially > > the signing is a difficult issue. The two options I have bother > > me: > > > * Inline PGP attaches random cruft (to laymen) to the text messages > > and this may actually make them distrust my messages instead of > > trusting them * PGP/Mime adds an attachment that is visible to > > people that do not have PGP support, with the same thing: people > > distrust unknown attachments. > > > I recently set up my mailserver to use DKIM signing and I think > > the solution for embedding the DKIM signature is really elegant: > > adding a DKIM-Signature header. Since mail clients that do not > > understand this header just ignore it, it is basically invisible to > > people inexperienced with mail and/or DKIM. It is still embedded in > > the message. I then started looking for any possibilities to use > > this and came across someone who wrote about this same idea: > > > http://beza1e1.tuxen.de/articles/pgp_header.html > > > I really like this solution to the problem. What are the thoughts > > of the Enigmail people on this solution? > > I think the idea is not quite thoroughly thought through. It is only > an idea for signing data; it does not mention encryption. In addition, > it does not cover anything like multi-part emails (attachments, HTML > mails) and partially signed mails. > > I think the far bigger issue these days is encryption, not signing. > > -Patrick > > > _______________________________________________ > enigmail-users mailing list > enigmail-users@enigmail.net > https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
signature.asc
Description: OpenPGP digital signature
_______________________________________________ enigmail-users mailing list enigmail-users@enigmail.net https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net