• GnuPG detached signatures

    From Michael Uplawski@21:1/5 to All on Sat Dec 10 09:06:18 2016
    Good morning.

    Is there a way to make Live Mail display GnuPG-signed mail just like any
    other mail and keep it from presenting the message body as a text-file?

    Recipients are confused, when they see mail-body and signature as two file-attachments and do not recognize the nature of the text-file. As
    there are only a few such cases in my circle of acquaintances, I deem it overkill to adapt my own standard-compliant custom to their needs.

    I can, though, try to use inline-signatures for selected addressees, if
    such messages are more palatable to Live Mail.

    Thank you for any assistance.

    Michael

    --
    GnuPG brainpoolP512r1/5C2A258D 2015-10-02 [expires: 2017-10-01]
    sub brainpoolP512r1/53461AFA 2015-10-02 [expires: 2017-10-01]

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From VanguardLH@21:1/5 to michael.uplawski@uplawski.eu on Sat Dec 10 13:38:42 2016
    Michael Uplawski <michael.uplawski@uplawski.eu> on 2016/12/10 wrote:

    Good morning.

    Is there a way to make Live Mail display GnuPG-signed mail just like any other mail and keep it from presenting the message body as a text-file?

    Recipients are confused, when they see mail-body and signature as two file-attachments and do not recognize the nature of the text-file. As
    there are only a few such cases in my circle of acquaintances, I deem it overkill to adapt my own standard-compliant custom to their needs.

    I can, though, try to use inline-signatures for selected addressees, if
    such messages are more palatable to Live Mail.

    Thank you for any assistance.

    Michael

    I don't recall WLM having a GnuPG (GPG) feature. If it has a digital
    signing and encryption features then I would suspect it would use .x509 certificates (that you get from a CA, like Verisign or Comodo). It's
    been too long since I last used WLM to remember if it did digital signing/encryption and how. Outlook has native x.509 cert support, no
    GPG support. I remember seeing PGP add-ons for Outlook but haven't
    bothered to check if there are GPG add-ons for Outlook. Since WLM
    doesn't have add-ons and it is highly likely it has no native (inbuilt)
    support for GPG then you must be processing your outbound e-mails
    through some GPG proxy to massage them.

    In your setup, are you using some external process to modify your
    outbound e-mails to add the PGP sig? If so, look at a copy of your sent message. Not in the Sent folder but actually send out a copy to an SMTP
    server to have it send it to some e-mail service. Then look at the raw
    source of the e-mail. Did your GnuPG process end up putting the body of
    the e-mail into a MIME attachment? That is, in the raw source of the
    e-mail, is the body of your message contained with a MIME part and with disposition=attached?

    MIME parts can have 2 dispositions: inline and attached. Those are
    hints to the e-mail client. Inline means the client should show the
    MIME part within the body of the message when shown in the client.
    Attached means the client should show the MIME part as an attachment,
    like showing a paper clip or other icon or a list of attachments (and
    those icons or list are not in the body of the message). Disposition is
    just a hint on how the sender would prefer the recipient's client to
    present that content. If the recipients are seeing attachments for the
    body then I suspect it is because the body is in a MIME part with disposition=attached.

    Are you only digitally signing your e-mails or are you encrypting them?
    As I recall, digitally signing hashes the body of the message and adds a
    header (although maybe GnuPG dumps that data into the body). Encryption
    means scrambling the body so that probably gets put into a MIME part.
    How is the encrypted content delineated within the body of your message?
    All e-mail - and I mean ALL of it - is transmitted as plain text. MIME
    allows encoding of binary content into long text strings but it is still
    text as far as the servers see. When attaching a binary file to an
    e-mail, it gets encoded into a long text string in a MIME part that has disposition=attached. The recipient's client then has to identify the
    MIME part (parse it) and decode the long text string back into the
    binary content (which doesn't happen until the recipient tells their
    client to extract the attachment).

    How are recipients supposed to decrypt your message if they do not also
    use GnuPG? x.509 certs are supported in many e-mail clients. I don't
    know how many e-mail clients natively support GPG.

  • From Michael Uplawski@21:1/5 to VanguardLH on Sun Dec 11 08:24:01 2016
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Thank you for the comprehensive response.

    I recognize where I have expressed myself poorly and created a misunderstanding. Before I comment on the response, below, let me
    clarify this now (English is not my mother language):

    My own mail-client is Mutt under Linux.
    Where I write “recipients are confused”, I am referring to users of
    Windows Live Mail who *receive* my messages with detached signatures. It
    is *their* client which displays the mail-body as a text-attachment to
    an otherwise empty mail.

    PSE pardon this glitch in my original post.

    On Sat, 10 Dec 2016 13:38:42 -0600,
    VanguardLH <V@nguard.LH> wrote:

    I don't recall WLM having a GnuPG (GPG) feature. If it has a digital
    signing and encryption features then I would suspect it would use .x509 certificates (that you get from a CA, like Verisign or Comodo).

    More than encryption/signing capacities, I would like to have
    mail-clients support multipart messages like most of the others do. My
    question should maybe aim at clarifying how Live Mail diverts from that
    rule. But, I have no idea, if the *problem* is of a more general nature.
    For me, and as far as my messages are concerned, only detached
    signatures lead to the observed misbehaviour.

    It's
    been too long since I last used WLM to remember if it did digital signing/encryption and how. Outlook has native x.509 cert support, no
    GPG support. I remember seeing PGP add-ons for Outlook but haven't
    bothered to check if there are GPG add-ons for Outlook. Since WLM
    doesn't have add-ons and it is highly likely it has no native (inbuilt)
    support for GPG then you must be processing your outbound e-mails
    through some GPG proxy to massage them.

    During my research for answers I have seen add-ons and something which
    looks like a tweaked Outlook for integrated GnuPG support.

    In your setup, are you using some external process to modify your
    outbound e-mails to add the PGP sig? If so, look at a copy of your sent message. Not in the Sent folder but actually send out a copy to an SMTP server to have it send it to some e-mail service. Then look at the raw source of the e-mail. Did your GnuPG process end up putting the body of
    the e-mail into a MIME attachment? That is, in the raw source of the
    e-mail, is the body of your message contained with a MIME part and with disposition=attached?

    This is the case. My mails are MIME multipart/signed like this
    - ------------------
    MIME-Version: 1.0
    Content-Type: multipart/signed; micalg=pgp-sha512;
        protocol="application/pgp-signature"; boundary="9jxsPFA5p3P2qPhR"
    Content-Disposition: inline
    - -----------------

    MIME parts can have 2 dispositions: inline and attached. Those are
    hints to the e-mail client. Inline means the client should show the
    MIME part within the body of the message when shown in the client.
    Attached means the client should show the MIME part as an attachment,
    like showing a paper clip or other icon or a list of attachments (and
    those icons or list are not in the body of the message). Disposition is
    just a hint on how the sender would prefer the recipient's client to
    present that content. If the recipients are seeing attachments for the
    body then I suspect it is because the body is in a MIME part with disposition=attached.

    So, HERE is the error of the receiving Live Mail client. It appears to
    not interpret the inline disposition.

    Are you only digitally signing your e-mails or are you encrypting them?

    This is the part, where more reflection on my part is due. I only sign
    my messages. This is almost for historic reasons...

    How are recipients supposed to decrypt your message if they do not also
    use GnuPG? x.509 certs are supported in many e-mail clients. I don't
    know how many e-mail clients natively support GPG.

    I can continue for a long time, from here... ;-)
    Just a list of arguments, that could come from anybody having invested a minimum of time in considerations on encryption/signing.
    - -) Signing without encrypting is useless
    - -) Signing messages keeps the moment of the emission, sender and
    original content inseparably together.
    - -) 99% of your recipients do not understand what they see, the rest does
    not care (this is France).
    - -) Too many technical problems render all endeavour to secure mail and transport channels overly complicated.

    With my installation in France, encryption has become completely
    useless, as nobody in my vicinity cares, wants to know, knows or has a
    glimpse of what I am talking about in the first place. Attaching
    signatures anyway can be seen as an endeavour to authenticate my mails
    for an unknown onlooker in an uncertain future, for unknown reasons.
    Or as a bait for people who may be intellectually challenged by a
    surprising detail ... Hope dies last.

    So from the list above, I only care for the first two items.

    The way that people now give in to using Web-Mail and content to see an “image” of what their mailbox might possibly look like, instead of just fetching their mails, could make me give up on the Internet altogether
    and before I conclude my reflection on encryption.

    Cheerio,

    Michael

    - --
    GnuPG brainpoolP512r1/5C2A258D 2015-10-02 [expires: 2017-10-01]
    sub brainpoolP512r1/53461AFA 2015-10-02 [expires: 2017-10-01]

    -----BEGIN PGP SIGNATURE-----

    iLUEARMKAB0WIQQqRAnUVLTr0pDaCy3ouAYUXColjQUCWEz/AgAKCRDouAYUXCol jVmrAgCVpWyszHfOQWYSd8R154ZNXFqrx48pyDQPLqbEq2UfaI+46N7P2CCDjBzT uPxwcfoUxegRU8Rp3f0mii29owYnAf4vw52OUVl9zhTYKHs6YarYxxKXbiFvTkjk LFh/bVjIDpEAQVVEbL+xSb9CGNpWGitk7VeSzWsw/pxW5w/m6vt6
    =zdL2
    -----END PGP SIGNATURE-----

  • From VanguardLH@21:1/5 to michael.uplawski@uplawski.eu on Sun Dec 11 17:28:05 2016
    Michael Uplawski <michael.uplawski@uplawski.eu> on 2016/12/11 wrote:

    My own mail-client is Mutt under Linux.
    Where I write recipients are confused, I am referring to users of
    Windows Live Mail who *receive* my messages with detached signatures. It
    is *their* client which displays the mail-body as a text-attachment to
    an otherwise empty mail.

    More than encryption/signing capacities, I would like to have
    mail-clients support multipart messages like most of the others do. My question should maybe aim at clarifying how Live Mail diverts from that
    rule. But, I have no idea, if the *problem* is of a more general nature.
    For me, and as far as my messages are concerned, only detached
    signatures lead to the observed misbehaviour.

    WLM does support multi-part MIME but it also has to understand the type
    of each part. That's why I suspect WLM can't handle PGP. It has no
    native handler for that MIME part type.

    This is the case. My mails are MIME multipart/signed like this
    - ------------------
    MIME-Version: 1.0
    Content-Type: multipart/signed; micalg=pgp-sha512;
        protocol="application/pgp-signature"; boundary="9jxsPFA5p3P2qPhR"
    Content-Disposition: inline
    - -----------------

    How would WLM know how to handle MIME parts that are PGP?

    I don't know how mutt works. If GPG is running separately of mutt, like
    as a proxy, then it is altering outbound e-mails to add digital signing
    or do the encrypting, and for inbound e-mails it would have to do the
    cert validation or decrypting. Maybe there is some integration
    feature between mutt and GPG to make them work more smoothly so GPG
    looks like an integral feature of mutt.

    How are recipients supposed to decrypt your message if they do not also
    use GnuPG? x.509 certs are supported in many e-mail clients. I don't
    know how many e-mail clients natively support GPG.

    I can continue for a long time, from here... ;-)
    Just a list of arguments, that could come from anybody having invested a minimum of time in considerations on encryption/signing.
    - -) Signing without encrypting is useless
    - -) Signing messages keeps the moment of the emission, sender and
    original content inseparably together.
    - -) 99% of your recipients do not understand what they see, the rest does not care (this is France).
    - -) Too many technical problems render all endeavour to secure mail and transport channels overly complicated.

    With my installation in France, encryption has become completely
    useless, as nobody in my vicinity cares, wants to know, knows or has a glimpse of what I am talking about in the first place. Attaching
    signatures anyway can be seen as an endeavour to authenticate my mails
    for an unknown onlooker in an uncertain future, for unknown reasons.
    Or as a bait for people who may be intellectually challenged by a
    surprising detail ... Hope dies last.

    So from the list above, I only care for the first two items.

    The way that people now give in to using Web-Mail and content to see an image of what their mailbox might possibly look like, instead of just fetching their mails, could make me give up on the Internet altogether
    and before I conclude my reflection on encryption.

    Signing only says WHO created the e-mail message. It never protects the content. Oh yes, it is supposed to alert a recipient if a message has
    changed (hash values don't match) but it does not secrete the content of
    the message as does encryption. You can sign without encryption. That
    lets the recipient know WHO sent the message (and coincidentally if the
    message got altered). You can encrypt without signing. The recipient
    doesn't know for sure who sent the message but the content is protected
    from prying eyes (e.g., not letting Google parse for keywords). You can
    sign and encrypt so the recipient knows who sent the message and keeps
    the content secret. Signing and encryption are separate traits that
    can be used separately or together.

    The client has to understand the MIME type. Anyone can define any MIME
    type they want but the recipient would need a proper handler.

    You might want to read the following which might alleviate your
    compatibility problem with the clients of your recipients but looks like
    you have to forsake ever attaching any files onto your e-mails.

    https://gpgtools.tenderapp.com/discussions/problems/13046-gpgtools-signed-mails-outlook-2007-windows-live-mail

    Unless both sending and receiving client can understand the same
    protocol (or MIME type, in this case), you can't guarantee the behavior
    of either endpoint. WLM does not have PGP compatibility. I don't think
    that Outlook does, either, as a native function but there are add-ons to integrate PGP support into Outlook.

    Hungarian Phrase Book - Monty Python's The Flying Circus https://www.youtube.com/watch?v=akbflkF_1zY

    For WLM, Outlook Express, and other non-PGP capable e-mail clients,
    you'll have to forego PGP and either not sign your e-mails or use x.509
    certs to do that (you can get some for free, like from Comodo). However, I
    cannot tell you how to get x.509 certs to work with mutt. Digital
    signing and encryption are features that have to be built into the
    client and I don't know anything about mutt.

  • From Michael Uplawski@21:1/5 to VanguardLH on Tue Dec 13 09:42:45 2016
    On Sun, 11 Dec 2016 17:28:05 -0600,
    VanguardLH <V@nguard.LH> wrote:
    Michael Uplawski <michael.uplawski@uplawski.eu> on 2016/12/11 wrote:

    How would WLM know how to handle MIME parts that are PGP?

    Maybe the same way as other mailers (all that I know of) do?

    Signing only says WHO created the e-mail message. It never protects the content. Oh yes, it is supposed to alert a recipient if a message has changed (hash values don't match) but it does not secrete the content of
    the message as does encryption.

    That has also never been the intention of a signing sender. I am not
    using Web-Mail, nor IMAP and thus have my messages under my own control, those sent and those received, as long as I do not explicitly wish to keep a
    copy on a remote server, which is rarely the case.

    The client has to understand the MIME type. Anyone can define any MIME
    type they want but the recipient would need a proper handler.

    You have helped me in stating that Live Mail does not understand the
    MIME type in my signed messages. That is about all I need to know about
    this software. I have configured an exception for the Live Mail users
    and they will get my messages signed inline, now. This appears to work, although it creates ugly messages. I do not care.

    Unless both sending and receiving client can understand the same
    protocol (or MIME type, in this case), you can't guarantee the behavior
    of either endpoint. WLM does not have PGP compatibility.

    Okay. This point is clear.

    For WLM, Outlook Express, and other non-PGP capable e-mail clients,
    you'll have to forego PGP and either not sign your e-mails or use x.509
    certs to do that (you can get some for free, like from Comodo). However, I cannot tell you how to get x.509 certs to work with mutt. Digital
    signing and encryption are features that have to be built into the
    client and I don't know anything about mutt.

    Mutt works, as most contemporary email-clients, well with GnuPG. For the problematic clients, you can always opt to use inline signed messages (“clearsign”) and send them like any other mail.

    Thanks for all the information.

    Michael

    --
    GnuPG brainpoolP512r1/5C2A258D 2015-10-02 [expires: 2017-10-01]
    sub brainpoolP512r1/53461AFA 2015-10-02 [expires: 2017-10-01]
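
Added example, not part of any poster's message: a Python sketch of the raw-source inspection discussed in the thread, listing each MIME part's type and disposition and telling a PGP/MIME detached signature (`multipart/signed`) from an inline clearsigned body. The sample messages are constructed (only the top-level headers of the first come from the thread), and the function names `describe_parts` and `classify` are hypothetical.

```python
"""Report how an e-mail carries its OpenPGP signature (added example)."""
from email import message_from_string
from email.utils import collapse_rfc2231_value

# Constructed samples. The top-level headers of the first one are those quoted
# in the thread; addresses, body and signature blocks are placeholders.
PGP_MIME_SAMPLE = """\
From: sender@example.org
To: recipient@example.org
Subject: constructed PGP/MIME sample
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
    protocol="application/pgp-signature"; boundary="9jxsPFA5p3P2qPhR"
Content-Disposition: inline

--9jxsPFA5p3P2qPhR
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Good morning.

--9jxsPFA5p3P2qPhR
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

PLACEHOLDER
-----END PGP SIGNATURE-----

--9jxsPFA5p3P2qPhR--
"""

INLINE_SAMPLE = """\
From: sender@example.org
To: recipient@example.org
Subject: constructed clearsigned sample
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Good morning.
-----BEGIN PGP SIGNATURE-----

PLACEHOLDER
-----END PGP SIGNATURE-----
"""

CLEARSIGN_MARKER = "-----BEGIN PGP SIGNED MESSAGE-----"


def _param(msg, name):
    """Content-Type parameter as a lower-cased string ('' if absent)."""
    value = msg.get_param(name)
    return collapse_rfc2231_value(value).lower() if value else ""


def describe_parts(raw):
    """Return (depth, content type, disposition) for every MIME part."""
    rows = []

    def walk(part, depth):
        rows.append((depth, part.get_content_type(),
                     part.get_content_disposition()))
        if part.is_multipart():
            for child in part.get_payload():
                walk(child, depth + 1)

    walk(message_from_string(raw), 0)
    return rows


def classify(raw):
    """Return (kind, problems) describing how the message is signed."""
    msg = message_from_string(raw)
    if msg.get_content_type() == "multipart/signed":
        if _param(msg, "protocol") != "application/pgp-signature":
            return "multipart-signed-other", []   # e.g. S/MIME
        problems = []
        if not _param(msg, "micalg"):
            problems.append("missing micalg parameter")
        parts = msg.get_payload() if msg.is_multipart() else []
        if len(parts) != 2:
            problems.append("expected 2 parts, found %d" % len(parts))
        elif parts[1].get_content_type() != "application/pgp-signature":
            problems.append("second part is %s, expected "
                            "application/pgp-signature"
                            % parts[1].get_content_type())
        return "pgp-mime", problems
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            charset = part.get_content_charset() or "utf-8"
            text = part.get_payload(decode=True).decode(charset, "replace")
            if text.lstrip().startswith(CLEARSIGN_MARKER):
                return "inline-clearsigned", []
    return "unsigned", []


if __name__ == "__main__":
    for label, raw in (("PGP/MIME", PGP_MIME_SAMPLE), ("inline", INLINE_SAMPLE)):
        print(label, classify(raw))
        for depth, ctype, disp in describe_parts(raw):
            print("  " * (depth + 1) + ctype, "disposition=%s" % disp)
```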

  • From VanguardLH@21:1/5 to Michael Uplawski on Tue Dec 13 12:10:29 2016
    Michael Uplawski <michael.uplawski@uplawski.eu> wrote:

    VanguardLH <V@nguard.LH> wrote:

    How would WLM know how to handle MIME parts that are PGP?

    Maybe the same way as other mailers (all that I know of) do?

    Yep, for the ones that have built-in to understand PGP or ancillary
    software (add-ons, proxies) extend the client to add PGP support. MS
    Outlook doesn't have PGP support but it can be added with an add-on.
    Outlook Express had a non-published add-on API that was flaky and why
    Microsoft never supported it. WLM does not have PGP support and it
    doesn't have add-on support. Well, it looks like there is an extension
    API for WLM but, again, it is undocumented; see:

    http://www.nektra.com/windows-live-mail-plugin-development/

    So there may be some product that utilizes the undocumented extension
    API in WLM to add PGP to WLM. I did a search, didn't find any such
    add-on, but that doesn't mean there is not one. However, it is very
    likely that the vast majority of WLM users don't know of a PGP add-on
    for WLM.

    Tis possible a proxy could do the PGP/MIME handling (automatically do
    the cert check, or encrypt/decrypt, or both) for WLM or OE but it would
    likely be a clumsy setup.

    Microsoft e-mail clients do not have integral PGP support. That is a
    huge portion of the e-mail marketshare. Apple's OS/X mail app doesn't
    support PGP. Both those marketshares require additional software to
    introduce PGP support (gpg4Win for Windows, GPG Tools for OS/X). How
    many users are going to install and configure software to add PGP,
    especially when most of those users don't care about PGP or x.509
    signing? Webmail clients are a growing marketshare. None of that
    ancillary PGP software will work with those e-mail clients because
    users don't get to install software up on the mail server. There are browser-specific plug-ins to add PGP support but that is performing a
    task external to the e-mail provider's service, and still requires users
    to install ancillary software for a feature not demanded nor understood
    by the majority of e-mail users.

    Signing only says WHO created the e-mail message. It never protects the
    content. Oh yes, it is supposed to alert a recipient if a message has
    changed (hash values don't match) but it does not secrete the content of
    the message as does encryption.

    That has also never been the intention of a signing sender.

    That has never been YOUR intention. Digital signing is just like
    showing your driver's license to the cop who stops you when speeding.
    It shows who you are. There is no requirement to prattle in a secret
    language with the cop (no one is around to overhear your conversation
    with the cop standing at your car door and you sitting in the driver's
    seat). Digitally signing an e-mail and entrusting a 3rd party with
    proving your identity is the same as showing a driver's license and
    entrusting your gov't to prove your identity.

    A digitally signed e-mail provides assurance to the recipient as to who
    sent the message. If digital signatures and encryption were only
    intended to be used together then no one would mention the digital
    signature and only refer to the encryption since that would, according
    to your interpretation, always include identification of sender.

    You have helped me in stating that Live Mail does not understand the
    MIME type in my signed messages. That is about all I need to know about
    this software. I have configured an exception for the Live Mail users
    and they will get my messages signed inline, now. This appears to work, although it creates ugly messages. I do not care.

    I've not received many PGP-signed e-mail. My recollection is seeing
    some hash string that is inline in the body of the e-mail. No recipient
    is going to bother figuring out how to use that hash with some server
    they have to discover to verify the identity of the sender. That's why
    PGP signatures are mostly viewed as worthless for e-mails. No one is
    going to do the work of manually verifying the cert. If you put your
    driver's license number in your e-mails, how many of your recipients
    know how or could do the lookup to verify you sent that e-mail?

    https://enigmail.wiki/Signature_and_Encryption
    "HTML messages are not handled properly by the Inline PGP format. The
    PGP/MIME format, however, can deal flawlessly with HTML messages."

    That still requires the recipient's client knows how to decipher
    PGP/MIME content. If you're going to PGP inline to sign your e-mails,
    it looks like you have to ensure you send as plain text. Okay, but what
    are non-PGP users going to do with the string shown for the signature
    when using inline PGP? If it's manual, users aren't going to do it.
    PGP signing seems to be useful only between PGP-using users using
    PGP-capable clients or some PGP software that works in tandem with their
    e-mail client.

    Having to deal with PGP-signed e-mails when received in non-PGP capable
    e-mail clients (which includes ALL webmail clients, too) and the process
    of getting allocated and installing x.509 certs along with it being an
    invite scheme is why the whole digital signing and encryption features
    (whether x.509 or PGP schemed) are too complicated for the vast majority
    of e-mail users. Hell, most won't even notice the lock icon when they
    receive a digitally signed e-mail. Most times I used the Received
    headers to verify who sent an e-mail - but how many e-mail users know
    how to decipher the SMTP headers?

    I think you are fighting a losing battle with PGP or GPG. Only in a
    small community of e-mail users that also employ clients or ancillary
    software that provides PGP support will your PGP-based signatures have
    any value. Outside that community, you run into users of non-PGP
    capable e-mail clients and who are not installing ancillary software
    (add-ons, plug-ins, proxies) to add a feature they don't care about.

  • From Michael Uplawski@21:1/5 to VanguardLH on Thu Dec 15 10:51:00 2016
    Hi again.

    I think we are becoming utterly off-topic. But as Usenet is lacking
    life, these days, this may be qualified as positive as any other
    exchange that excludes dropping chlorine.

    On Tue, 13 Dec 2016 12:10:29 -0600,
    VanguardLH <V@nguard.LH> wrote:

    So there may be some product that utilizes the undocumented extension
    API in WLM to add PGP to WLM. I did a search, didn't find any such
    add-on, but that doesn't mean there is not one. However, it is very
    likely that the vast majority of WLM users don't know of a PGP add-on
    for WLM.

    There is currently 1 (one) of my recipients who uses Live Mail. If my
    insisting on treating him like anybody else in my, sometimes longer,
    To- and CC-headers should have any consequence at all, it could well be
    his giving up on Live Mail. Or anything else; as I still do not care.

    Microsoft e-mail clients do not have integral PGP support. That is a
    huge portion of the e-mail marketshare.

    I cut in at the first occurrence of market share. Although this
    newsgroup is named microsoft.something, I want to clarify that market
    shares do not interest me, nor the majority of my
    communication-partners, the guy with Live Mail inclusive.

    I came to Usenet to mingle with people from all over the world, which
    includes Trump-US, Putin-Russia and Turbo-capitalistic China. However,
    there are others who deploy software for reasons and uses which are not commercial and elude all attempt to be measured in money-value. Do not
    worry, the French do not get it, either... ;-)

    browser-specific plug-ins to add PGP support but that is performing a
    task external to the e-mail provider's service, and still requires users
    to install ancillary software for a feature not demanded nor understood
    by the majority of e-mail users.

    When I discuss mail clients on the Web, the first thing I do is explain
    the difference between Mail and Web. What it means to run a web-server
    as opposed to what it means to run (or not) or to use (or not) a
    mail-server. My conclusion is always that the Web is not for Mail.

    And that I cannot give recommendations for abusing a half-dead system
    which needs urgent repair, but cannot be cured, because half the world
    believes to depend on the abuse going on and on and on... http is not
    for mail. Ω

    Now do as you please. ;)

    A digitally signed e-mail provides assurance to the recipient as to who
    sent the message. If digital signatures and encryption were only
    intended to be used together then no one would mention the digital
    signature and only refer to the encryption since that would, according
    to your interpretation, always include identification of sender.

    I keep digitally my own signed messages archived. The archive would lose
    much of its value, were my messages not signed.

    receive a digitally signed e-mail. Most times I used the Received
    headers to verify who sent an e-mail - but how many e-mail users know
    how to decipher the SMTP headers?

    That is the starting point for the most basic education to using the mail-system (I am reflecting for too long about the use of the Gerund in
    this phrase and just leave it like it is, now).

    So this is where we appear to reach consensus:

    -) People do not know enough.
    -) People do not know enough about the mail-system.

    I think you are fighting a losing battle with PGP or GPG.

    I have given up several well-paid jobs because, while other kinds of battles (some for market share) promised wealth and honor, I cannot condone
    dumbness be seen as a virtue. Being a loser spares me to cheer with the bastards who bungle it all for the sake of their market share, domination
    or even self-esteem.

    And basically, I do not care anyway. I grow vegetables (those who do not understand, should look it up on Wikipedia).

    small community of e-mail users that also employ clients or ancillary software that provides PGP support will your PGP-based signatures have
    any value. Outside that community, you run into users of non-PGP
    capable e-mail clients and who are not installing ancillary software (add-ons, plug-ins, proxies) to add a feature they don't care about.

    I am familiar with my own situation. And I can top it by telling you
    that I used PGP before I had my first Internet connection. Now if that
    ain't dumb.
    ;)

    Cheerio,

    Michael

    --
    GnuPG brainpoolP512r1/5C2A258D 2015-10-02 [expires: 2017-10-01]
    sub brainpoolP512r1/53461AFA 2015-10-02 [expires: 2017-10-01]

  • From VanguardLH@21:1/5 to Michael Uplawski on Thu Dec 15 18:39:25 2016
    Michael Uplawski <michael.uplawski@uplawski.eu> wrote:

    I think we are becoming utterly off-topic. But as Usenet is lacking
    life, these days, this may be qualified as positive as any other
    exchange that excludes dropping chlorine.

    So, to stay on-topic, you can't use PGP to send digitally signed e-mails
    to users that:
    - Use PGP-incapable e-mail clients. (*)
    - Will not install or have not installed ancillary software to add PGP
    support to their PGP-incapable e-mail client.

    (*) Includes MS Outlook, WLM, OE, Eudora, and even Thunderbird. All of
    those require ancillary software installed separately or elected
    for inclusion in the OS distro.

    -- Further --

    Outlook, WLM, OE, Eudora, and Thunderbird (available on multiple OS
    platforms) won't do PGP by themselves. Ancillary software is required
    (i.e., something more than just the e-mail client).

    Does mutt actually do PGP all by itself or does it rely on GnuPG being
    included in the Linux distro (and elected or a default choice during
    Linux installation)? Doesn't look like. Looks like it needs GnuPG
    included in the Linux distro or installed separately. Even if it did,
    do most of your recipients use mutt?

    You sure none of your recipients use webmail? And none use smartphones?
    If you don't care (as you indicated) then why digitally sign unless the
    vast majority of your recipients are using a PGP-capable e-mail client?
    Are most of your e-mail community all mutt users (so they can use the
    GnuPG support included and installed in their Linux distro)?

    I'm not sure why you think digital signing is so important when so few
    e-mail users can use it, especially for PGP. How is digital signing
    only important to the sender? The sender already knows who they are.
    It's something only important to the recipient. Using PGP means less
    *chance* that the recipients can use it (and with automatic ID check);
    however, chances dramatically increase if the community of recipients
    are all sharing the same software setup.

    Well, anyway, WLM doesn't itself support PGP and it is very unlikely
    your recipients are going to change their e-mail client nor install more software for something they don't understand or don't care much about.
    Going inline PGP won't solve your problem since WLM users aren't going
    to bother figuring out how to validate your hash string presented in the
    body to some key on a server.

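Added example (not part of the thread and not code from either poster): a Python illustration of the two layouts under discussion, the detached PGP/MIME signature and the inline clearsigned form, showing which MIME parts a client without PGP support is left to display. Both sample messages are constructed, the signature blocks are placeholders, and `classify` is a hypothetical helper name.

```python
from email import message_from_string, policy

# Constructed sample (placeholder signature): detached PGP/MIME layout, RFC 3156.
PGP_MIME = """\
From: sender@example.org
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="b1"

--b1
Content-Type: text/plain; charset=utf-8

Good morning.
--b1
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
(placeholder)
-----END PGP SIGNATURE-----
--b1--
"""

# Constructed sample (placeholder signature): inline clearsigned, one text part.
INLINE = """\
From: sender@example.org
Content-Type: text/plain; charset=utf-8

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Good morning.
-----BEGIN PGP SIGNATURE-----
(placeholder)
-----END PGP SIGNATURE-----
"""

def classify(raw):
    """Return (kind, leaf content types a PGP-unaware client must render)."""
    marker = "-----BEGIN PGP SIGNED MESSAGE-----"
    msg = message_from_string(raw, policy=policy.default)
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    types = [p.get_content_type() for p in leaves]
    # Detached form: the container itself announces the signature protocol.
    if (msg.get_content_type() == "multipart/signed"
            and msg.get_param("protocol") == "application/pgp-signature"):
        return "pgp-mime", types
    # Inline form: the armor header is ordinary body text.
    for p in leaves:
        text = p.get_content() if p.get_content_maintype() == "text" else ""
        if text.lstrip().startswith(marker):
            return "inline", types
    return "unsigned", types
```

The detached message yields two leaf parts, which a PGP-unaware client has to present separately, while the inline message yields a single text part whose armor lines appear in the body.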
  • From Michael Uplawski@21:1/5 to VanguardLH on Fri Dec 16 14:46:06 2016
    I may just try to conclude the discussion in saying that, if education
    is due, better start it now, than elude any responsibility by listing obstructions and call them destiny.

    Full-quote, below, no text added.

    Cheerio,

    Michael

    On Thu, 15 Dec 2016 18:39:25 -0600,
    VanguardLH <V@nguard.LH> wrote:
    Michael Uplawski <michael.uplawski@uplawski.eu> wrote:

    I think we are becoming utterly off-topic. But as Usenet is lacking
    life, these days, this may be qualified as positive as any other
    exchange that excludes dropping chlorine.

    So, to stay on-topic, you can't use PGP to send digitally signed e-mails
    to users that:
    - Use PGP-incapable e-mail clients. (*)
    - Will not install or have not installed ancillary software to add PGP
    support to their PGP-incapable e-mail client.

    (*) Includes MS Outlook, WLM, OE, Eudora, and even Thunderbird. All of
    those require ancillary software installed separately or elected
    for inclusion in the OS distro.

    -- Further --

    Outlook, WLM, OE, Eudora, and Thunderbird (available on multiple OS
    platforms) won't do PGP by themselves. Ancillary software is required
    (i.e., something more than just the e-mail client).

    Does mutt actually do PGP all by itself or does it rely on GnuPG being included in the Linux distro (and elected or a default choice during
    Linux installation)? Doesn't look like. Looks like it needs GnuPG
    included in the Linux distro or installed separately. Even if it did,
    do most of your recipients use mutt?

    You sure none of your recipients use webmail? And none use smartphones?
    If you don't care (as you indicated) then why digitally sign unless the
    vast majority of your recipients are using a PGP-capable e-mail client?
    Are most of your e-mail community all mutt users (so they can use the
    GnuPG support included and installed in their Linux distro)?

    I'm not sure why you think digital signing is so important when so few
    e-mail users can use it, especially for PGP. How is digital signing
    only important to the sender? The sender already knows who they are.
    It's something only important to the recipient. Using PGP means less *chance* that the recipients can use it (and with automatic ID check); however, chances dramatically increase if the community of recipients
    are all sharing the same software setup.

    Well, anyway, WLM doesn't itself support PGP and it is very unlikely
    your recipients are going to change their e-mail client nor install more software for something they don't understand or don't care much about.
    Going inline PGP won't solve your problem since WLM users aren't going
    to bother figuring out how to validate your hash string presented in the
    body to some key on a server.


    --
    GnuPG brainpoolP512r1/5C2A258D 2015-10-02 [expires: 2017-10-01]
    sub brainpoolP512r1/53461AFA 2015-10-02 [expires: 2017-10-01]

  • From VanguardLH@21:1/5 to Michael Uplawski on Fri Dec 16 14:33:22 2016
    Michael Uplawski <michael.uplawski@uplawski.eu> wrote:

    I may just try to conclude the discussion in saying that, if education
    is due, better start it now, than elude any responsibility by listing obstructions and call them destiny.

    I see you like to avoid questions. You never did address if mutt itself
    *natively* does GPG. If it relies upon a PGP or GPG package included
    in or added to the OS installation then mutt doesn't natively do GPG.

    What are the GPG e-mail clients that have native GPG support *without*
    any ancillary software? No installing (during or after) some PGP or
    GPG package into the OS. I mean *native* support of PGP/GPG *within*
    the e-mail client itself. You talk like just everyone should be using
    PGP-capable e-mail clients or just everyone goes out installing PGP/GPG
    packages for the vast majority of PGP-incapable e-mail clients.

    You said only one of your recipients uses WLM. What do the others use?
    Can those e-mail clients handle PGP signed e-mails without adding any
    ancillary software? Is the vast majority of your recipients all using
    Linux and already have GPG installed for use by whatever e-mail client
    they use? Just what is your audience composition of OS, e-mail clients,
    and PGP support (internal or external to e-mail client)? If all but
    one, or two, of your recipients are on Linux with GPG already installed,
    screw the Windows user(s) who won't install GPG4Win due to your choice of
    digital signing. I've not seen that PGP was ever well embraced by
    Windows users. Not included in the Windows distro versus most Linux
    distros dumping it into their installation.

    https://gnupg.org/related_software/swlist.html

    That lists some, maybe all, of the PGP-capable e-mail clients. Which
    ones (that are e-mail clients, not ancillary software for them) will
    NOT work with PGP-based digital signatures if the PGP/GPG packages were
    NOT installed into the OS? Most of those listed are Linux-only
    programs. You posted in a WLM newsgroup; however, it looks like the
    majority of your recipients are probably in the far smaller community of
    Linux users. On Windows, which is the focus of this community in this
    WLM newsgroup, the above e-mail client list has:

    Claws Mail: Requires ancillary software (GPG4WIN, in which this
        client is bundled).
    Cryptophane: A Windows UI for the GnuPG encryption program.
    Enigform: Firefox add-on.
    Enigmail: Thunderbird add-on.
    EudoraGPG: Plug-in to Eudora.
    gnupg-for-java: Java binding for GPGME library.
    GPA: Requires GPG4Win.
    GPG4Win: Yeah, the ancillary software needed on Windows for
        those e-mail clients.
    GPGME: Library of GPG functions.
    GPGOE: Ancillary software to provide GPG support to Outlook Express.
    GPGOL: Plug-in for MS Outlook. (There are others.)
    GPGrelay: A PGP-capable proxy (not the actual e-mail client).
    PINentry: Ancillary software to the actual e-mail client.
    PSI: Listed but is not an e-mail client. A cross-platform
        XMPP (chat aka instant messaging) client.
    Scribe: A plug-in for GPG support. Included with Scribe.
    wija: Another incorrectly listed client: an XMPP chat client,
        not an e-mail client.
    WinGPG: Not included in any Windows distro. Ancillary software
        to add GPG support to some PGP-incapable e-mail client.

    All of those Windows e-mail clients needed ancillary software that
    provides the actual PGP/GPG support. Although not having native
    support, Scribe comes with a GPG plug-in - so it works out-of-the-box.
    And you are surprised or unaware that Windows users don't have e-mail
    clients with PGP/GPG support?

    Stay in your small community of Linux users as your e-mailed recipients;
    else, expect recipients on Windows to have problems with your PGP/GPG
    signed e-mails as they won't have the PGP/GPG support you want them to
    have to which you have become accustomed with your Linux community.
