On Sun, Dec 28, 2025 at 6:14 PM Sam James <[email protected]> wrote:
>
> [...]
> Finally, to end the dump of what I know so far: Werner Koch has
> published a response to the cleartext signature vulnerabilities:
> https://gnupg.org/blog/20251226-cleartext-signatures.html.

Also see dkg's post from 2014 at
<https://dkg.fifthhorseman.net/notes/inline-pgp-harmful/>. From the article:

  People often suggest that inline PGP signatures in e-mail are
  somehow more compatible or more acceptable than using PGP/MIME.
  This is a mistake. Inline PGP signatures are prone to several
  failure modes, up to and including undetectable message tampering.

Jeff
