[Enigmail] Signature checks fails so often

Robert J. Hansen rjh at sixdemonbag.org
Tue Nov 6 01:42:58 PST 2007


Bob Henson wrote:
> Hmm, sorry about that - no-one ever mentioned it before so I've always
> used PGP/MIME on the assumption that an OpenPGP related newsgroup was
> one place it could/should be used. So far, only Outlook Express users
> ever passed comment.

I apologize in advance, Bob, if it seems like I'm condescending or
patronizing here--I just want to explain this issue as simply as I can
so that everyone on the list can understand why PGP/MIME on mailing
lists is usually not that great of an idea.

To explain things fully, I have to use two different acronyms: MUA and
MTA.  These stand for "Mail User Agent" and "Mail Transfer Agent",
respectively.

You connect to your email server with an MUA, such as Outlook Express,
Thunderbird, Sylpheed-Claws, etc.  An MUA is your basic mail client.

MTAs are how your email travels from server to server across the
internet.  These have names like sendmail, postfix, qmail, exim,
Exchange and more.  MTAs are also called mail servers.

So you use an MUA to talk to your MTA; your MTA passes your email off to
other MTAs; after a series of hops it reaches your recipient's MTA; and
that MTA then talks to your recipient's MUA.  If this makes sense,
congratulations: that's all the jargon you need to know.

MUAs and MTAs are all allowed to do different things with MIME
attachments.  Some MUAs, such as Outlook Express, can't handle PGP/MIME.
And some system administrators configure their MTAs to strip off all
MIME attachments save for the most commonly known types, in the
interests of limiting the spread of malware.

So if you send PGP/MIME traffic to the list, list members will be able
to read it if and only if:

1.  Your MUA is able to handle PGP/MIME.  (No problem for Enigmail;
other MUAs might not be so lucky.)

2.  Your MTA doesn't strip esoteric MIME types as a preventative
measure.  (This will vary from server to server.)

2a.  No MTA between your MTA and the Enigmail-list MTA strips off
esoteric MIME types.

3.  The Enigmail list allows MIME attachments.  (No problem.)

3b.  No MTA between the Enigmail-list MTA and the recipient's MTA strips
off esoteric MIME types.

4.  A list member's MTA doesn't strip esoteric MIME types.  (Again,
varies from server to server.)

5.  A list member's MUA supports PGP/MIME.  (No problem for Enigmail;
other MUAs might not be so lucky.)


... Given all the things that have to go right in order for PGP/MIME to
be meaningful on mailing lists, it's usually best to just strongly
advise people to not use MIME attachments of any sort, including
PGP/MIME, unless it's necessary.

Realistically, 99% of the MTAs out there will leave the PGP/MIME
attachment untouched.  This makes PGP/MIME a pretty safe bet when
communicating with people one-on-one via email.  But given the number of
people on the list, a 99% chance of success repeated often enough has a
very high likelihood of leaving some listmember out in the cold.
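
The failure mode described in the message above, as an added example that is not part of the original post: a simulated attachment-filtering MTA removes the detached signature part of a PGP/MIME message, while an inline-signed text body passes through the same filter unchanged. The allowlist, the placeholder signature, the list size of 500 and the independence of delivery paths are assumptions made for illustration.

```python
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

BODY = "Hello list, this is a signed post.\n"
# Constructed placeholder, not a real OpenPGP signature.
FAKE_SIG = ("-----BEGIN PGP SIGNATURE-----\n\n"
            "(constructed placeholder)\n-----END PGP SIGNATURE-----\n")
# Assumed allowlist of a strict site that strips unfamiliar attachment types.
ALLOWED = {"text/plain", "text/html"}

def build_pgp_mime():
    """PGP/MIME (RFC 3156): the signed body part plus a detached signature part."""
    msg = MIMEMultipart("signed", protocol="application/pgp-signature",
                        micalg="pgp-sha256")
    msg.attach(MIMEText(BODY, "plain"))
    msg.attach(MIMEApplication(FAKE_SIG.encode(), "pgp-signature"))
    return msg

def build_inline():
    """Inline (clearsigned) post: the signature travels inside the text body."""
    return MIMEText("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n"
                    + BODY + FAKE_SIG, "plain")

def filtering_mta(msg):
    """Simulate one hop that drops every leaf part not on the allowlist."""
    if msg.is_multipart():
        kept = [p for p in msg.get_payload()
                if p.is_multipart() or p.get_content_type() in ALLOWED]
        msg.set_payload(kept)
        for part in kept:
            filtering_mta(part)
    return msg

def signature_present(msg):
    """True if the recipient's MUA still has a signature it could try to verify."""
    if msg.get_content_type() == "multipart/signed":
        parts = msg.get_payload()
        return (len(parts) == 2 and
                parts[1].get_content_type() == "application/pgp-signature")
    text = msg.get_payload(decode=True).decode()
    return "BEGIN PGP SIGNED MESSAGE" in text and "BEGIN PGP SIGNATURE" in text

def chance_everyone_receives(per_recipient, recipients):
    """Probability all recipients get it intact, assuming independent paths."""
    return per_recipient ** recipients

if __name__ == "__main__":
    print(signature_present(filtering_mta(build_pgp_mime())))  # PGP/MIME after filter
    print(signature_present(filtering_mta(build_inline())))    # inline after filter
    print(chance_everyone_receives(0.99, 500))
```
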

