• pgp/inline is not very robust

    From August Abolins@2:221/1.58 to All on Friday, January 07, 2022 20:27:00
    A recent exchange of encrypted mail with a friend who uses a
    few different programs to process encrytped mail (Claws, K9,
    and P=P) led to interesting discoveries of pgp/inline vs pgp/
    mime.

    For instance, the Pgpg app on my Blackberry (BB) only supports
    pgp/inline. This has lead to the recipient unable to properly
    verify my signature.

    My friend writes:

    "A couple of things that I earned from this investigation:

    "a) pgp/inline is not very robust - there are some interesting points at this URL

    https://dkg.fifthhorseman.net/notes/inline-pgp-harmful/

    "b) K9 does autocrypt signing - I don't remember if BB deals with it properly, but this provides the signing at the header level, and gpg is definitely
    OK with that approach. OKC is likely the same.

    "c) gpg cannot seem to deal FULLY with either the signed output of the BB,
    or the signed output of Claws.

    "I suspect that since neither Claws or BB do autocrypt signing, we won't get this resolved.

    "That is a different beast from what is traditionally to be used for pgp/inline,
    and apparently something in our path is screwing up the signature when it is not in the autocrypt header.

    I'm not TOO overly concerned about the Pgpg app on my
    Blackberry (BB) to be limited to pgp/inline since I would
    primarily use it to preview/read an encrypted message. I can
    use OpenKeyChain to preview/read multipart mime encrypted
    messages.
    --
    ../|ug

    --- OpenXP 5.0.51
    * Origin: (2:221/1.58)