On 1/30/12 6:09 PM, John Clizbe wrote: > I always get a chuckle every time I read someone writing that inline signing > is > somehow "deprecated." Strangely enough, the only place I can find the > origination of such an idea is in the PGP/MIME RFC 3156 itself which strikes > me > as somewhat self-serving. Deprecation is not mentioned in the OpenPGP standard > RFC 4880.
Well, in defense of that interpretation, RFC4880 just specifies a packet format and ASCII armoring -- it's deliberately silent on everything from RFCx822 integration to concerns about using it as the basis for disk encryption products. I would favor seeing an "OpenPGP best practices" RFC. 4880 tells us what's legal OpenPGP traffic, but says nothing about what's worthwhile. > I use PGP/MIME when I know a mailing list supports it and inline when I know > it > doesn't. I use PGP/MIME if I know the recipient's MUA supports it, inline > otherwise. This comes fairly close to my own practices, with one significant exception: since it's almost impossible for me to know whether all the MUAs used on a mailing list support PGP/MIME, I feel it's better for mailing list traffic to be inline. Of course, I really feel it's better for mailing list traffic to not be signed at all, since usually all it gives us is a false sense of security. A signature from an unvalidated key belonging to an unknown person whom we don't know from Adam doesn't mean much, if anything at all. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users