Immer wieder muss ich danach suchen, jetzt habe ich es mal hochgeladen:
Sinn und Zweck ist es, reinkommende Mails mit Inline PGP Signaturen und Schlussel, in MIME zu konvertieren. Das muss man dann machen, wenn auf
der einen Seite ein „broken“ Mail Client benutzt wird, der das „alte“ Verfahren nutzt, und auf der anderen Seite Evolution sitzt. Denn dieser
Client kann nur MIME. Es gibt einige heftige Diskussionen daruber auf der Mailingliste, Auszuge gefallig?:
On Fri, 2004-05-14 at 16:06 -0500, Brian G. Peterson wrote:
I’m writing to inquire after the status of inline OpenPGP support in
Evolution. Google and the archive for this list (and my current
experience with Evolution) seem to indicate that inline OpenPGP messages
are *still* not supported.
inline support is required for full OpenPGP standards compliance
uhm… completely irrelevant. OpenPGP is the same bloody thing as
„inline pgp“. they are synonymous. OpenPGP is the format for PGP
applications to implement, not MUA’s. Would you really want your MUA to
implement OpenPGP? I know I wouldn’t.
, and
almost all OpenPGP compliant mailers offer some support for inline
encryption and signatures, if only on decrypt/verify.
if you say so…
The current draft OpenPGP RFC (RFC2440bis) will almost certainly contain
additional implementation details to make it easier for users to
indicate in thier keys which mail format that they wish others to use
when communicating with them.
RFC 3156 (OpenPGP/MIME) neither obsoletes nor modifies RFC 2440, but
rather offers a complimentary implementation of RFC 2440, and could be
said to extend that standard to clearly define how to use OpenPGP with MIME.
again, irrelevant. mailers send MIME, hence they should use rfc3156.
rfc2440 is for pgp programs to implement, not MUA’s. rfc3156 describes
how to use use rfc2440 with MIME. MUA’s send MIME.
Conclusion: MUA’s are meant to send rfc3156 compliant messages.
by definition, if you send rfc3156 messages, you also comply with
rfc2440 🙂
The fact is that inline support is required for the largest
interoperability, and is not hard to implement.
does this mean you’ll send us a patch? 🙂
Not supporting it
causes huge interoperability problems with Microsoft’s Outlook products,
Outlook doesn’t support PGP by itself, and most corporate Outlook users
that use encryption/signatures don’t use PGP anyway. They use S/MIME.
and with many versions of Commercial PGP.
funny that commercial PGP mailer-plugins doesn’t follow the IETF
standards…
I’d love an update on the status of inline support.
it’s not implemented and it’s not going to make it into 2.0 either
(we’re feature frozen). There are also no future plans to implement it
(then again, we have no plans for after the 2.0 release, so that isn’t
saying much…)
End Of Thread (since nothing useful can come out of further discussion
of this topic)
Jeff
On Sat, 2004-05-15 at 11:56, Gregor Hlawacek wrote:
Am Sa, den 15.05.2004 schrieb Jeffrey Stedfast um 1:09:
On Fri, 2004-05-14 at 16:06 -0500, Brian G. Peterson wrote:
I’m writing to inquire after the status of inline OpenPGP support in
Evolution. Google and the archive for this list (and my current
experience with Evolution) seem to indicate that inline OpenPGP messages
are *still* not supported.
inline support is required for full OpenPGP standards compliance
………….
End Of Thread (since nothing useful can come out of further discussion
of this topic)
I think the last sentence is a little bit rude.
all past threads that had anything to do with inline pgp turned into a
flame wars and I’d rather not have to wade thru yet another…
No matter some one was
asking for a feature (that I think would be nice) and at least has read
a lot of rfc which is not easy especially when the topic is mime and
pgp. I know that other (M$ and Linux) mailer have this option and I
think it would be nice. It is okay to decide to not implement this but
it should be okay to talk about it.
the thing is, what is there to talk about really? a feature request has
already been filed. some contributor was working on it but has seemingly
disappeared (this is like the 4th or 5th time this has happened).
No matter who does the actuall encryption or singing my mailer should at
least give an interface to all the usefull features of pgp.
that’s basically impossible.
However pgp
signing is working and I am using it. I guess that the signature evo
creates with the help of pgp is only for the text not for attachements
(kmail can do both)?
no, Evolution signs the toplevel MIME part which means that the
attachments are included in the signature.
you can’t do this with „inline pgp“. in fact, this is one of the many
problems with inline pgp, you can’t sign attachments. Some mailers
(Outlook and/or PGPMail?) will do dumb shit like signing or encrypting
the content and still setting the Content-Type to whatever the
attachment mime-type was. This totally breaks stuff for mailers, even
ones that purport to support inline-pgp because most inline-pgp mailers
only support inline-pgp in text/plain parts. They don’t even think to
look in image/jpeg or whatever else parts (which some inline-pgp mailer
or another actually does – I know because we got a bug report about it a
few years back).
totally pisses me off because once you clearsign or encrypt the content,
it’s no longer the same mime-type, but broken mailers that send
inline-pgp do it all the bloody time.
Content-Type is meant to tell MUA’s what the content is so that they can
display it properly.
If your MUA doesn’t smoke from the same crackpipe that the email
author’s mailer smokes from, then your mailer won’t be able to handle
it.
The whole bloody purpose of MIME is to avoid this issue!!!
Ich meine, ich kann es ja nachvollziehen das Inline PGP Schrott ist und wieder mal (fast) alle Mail User Agents dem hinterher rennen, aber das
finde ich dann doch zu ignorant. Defacto kommt gerade mal ein MUA mit meinen Outline MIME Nachrichten (in der Windows Welt)
zurecht und das ist Thunderbird (Mozilla zahle ich nicht extra auf). Mir war, als wenn selbst KMail nur Inline PGP beherrscht.
Thunderbird losst es sehr elegant, bei Empfangern wo er nicht weis, welches Verfahren genutzt werden soll, nutzt er PGP Inline, ansonsten MIME.
Die Evolution Hacker konnten sich da eine Scheibe abschneiden. 🙁 . Fairerweise sollte erwahnt werden, das gegen Bares (200$) ein Patch
erworben werden kann, der PGP Inline nachrustet. Angeblich soll ein anderer Patch in Evo 2.2 einfliesen.