Good morning.
Is there a way to make Live Mail display GnuPG-signed mail just like any other mail and keep it from presenting the message body as a text-file?
Recipients are confused, when they see mail-body and signature as two file-attachments and do not recognize the nature of the text-file. As
there are only a few such cases in my circle of acquaintances, I deem it overkill to adapt my own standard-compliant custom to their needs.
I can, though, try to use inline-signatures for selected addressees, if
such messages are more palatable to Live Mail.
Thank you for any assistance.
Michael
I don't recall WLM having a GnuPG (GPG) feature. If it has digital
signing and encryption features then I would suspect it would use x.509 certificates (that you get from a CA, like Verisign or Comodo). It's
been too long since I last used WLM to remember if it did digital signing/encryption and how. Outlook has native x.509 cert support, no
GPG support. I remember seeing PGP add-ons for Outlook but haven't
bothered to check if there are GPG add-ons for Outlook. Since WLM
doesn't have add-ons and it is highly likely it has no native (inbuilt)
support for GPG then you must be processing your outbound e-mails
through some GPG proxy to massage them.
In your setup, are you using some external process to modify your
outbound e-mails to add the PGP sig? If so, look at a copy of your sent message. Not in the Sent folder but actually send out a copy to an SMTP server to have it send it to some e-mail service. Then look at the raw source of the e-mail. Did your GnuPG process end up putting the body of
the e-mail into a MIME attachment? That is, in the raw source of the
e-mail, is the body of your message contained within a MIME part and with disposition=attached?
MIME parts can have 2 dispositions: inline and attached. Those are
hints to the e-mail client. Inline means the client should show the
MIME part within the body of the message when shown in the client.
Attached means the client should show the MIME part as an attachment,
like showing a paper clip or other icon or a list of attachments (and
those icons or list are not in the body of the message). Disposition is
just a hint on how the sender would prefer the recipient's client to
present that content. If the recipients are seeing attachments for the
body then I suspect it is because the body is in a MIME part with disposition=attached.
Are you only digitally signing your e-mails or are you encrypting them?
How are recipients supposed to decrypt your message if they do not also
use GnuPG? x.509 certs are supported in many e-mail clients. I don't
know how many e-mail clients natively support GPG.
My own mail-client is Mutt under Linux.
Where I write recipients are confused, I am referring to users of
Windows Live Mail who *receive* my messages with detached signatures. It
is *their* client which displays the mail-body as a text-attachment to
an otherwise empty mail.
More than encryption/signing capacities, I would like to have
mail-clients support multipart messages like most of the others do. My question should maybe aim at clarifying how Live Mail diverts from that
rule. But, I have no idea, if the *problem* is of a more general nature.
For me, and as far as my messages are concerned, only detached
signatures lead to the observed misbehaviour.
This is the case. My mails are MIME multipart/signed like this
------------------
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
        protocol="application/pgp-signature"; boundary="9jxsPFA5p3P2qPhR"
Content-Disposition: inline
-----------------
> How are recipients supposed to decrypt your message if they do not also
> use GnuPG? x.509 certs are supported in many e-mail clients. I don't
> know how many e-mail clients natively support GPG.
I can continue for a long time, from here... ;-)
Just a list of arguments, that could come from anybody having invested a minimum of time in considerations on encryption/signing.
-) Signing without encrypting is useless
-) Signing messages keeps the moment of the emission, sender and
original content inseparably together.
-) 99% of your recipients do not understand what they see, the rest does not care (this is France).
-) Too many technical problems render all endeavour to secure mail and transport channels overly complicated.
With my installation in France, encryption has become completely
useless, as nobody in my vicinity cares, wants to know, knows or has a glimpse of what I am talking about in the first place. Attaching
signatures anyway can be seen as an endeavour to authenticate my mails
for an unknown onlooker in an uncertain future, for unknown reasons.
Or as a bait for people who may be intellectually challenged by a
surprising detail ... Hope dies last.
So from the list above, I only care for the first two items.
The way that people now give in to using Web-Mail and content to see an image of what their mailbox might possibly look like, instead of just fetching their mails, could make me give up on the Internet altogether
and before I conclude my reflection on encryption.
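The check suggested earlier in the thread (read the raw source and look at each MIME part's type and disposition), as an added example that is not part of any post: it parses a constructed message carrying the top-level headers quoted above, using Python's standard `email` package. The part headers, body text, signature placeholder and function names are assumptions.

```python
from email import message_from_string

# Constructed sample. The top-level headers are the ones quoted in the post;
# the part headers, body text and signature placeholder are made up.
RAW = """\
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="9jxsPFA5p3P2qPhR"
Content-Disposition: inline

--9jxsPFA5p3P2qPhR
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Good morning.

--9jxsPFA5p3P2qPhR
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
(placeholder, not a real signature)
-----END PGP SIGNATURE-----

--9jxsPFA5p3P2qPhR--
"""

def part_table(raw):
    """(content type, disposition, filename) for every MIME part, root first."""
    return [(p.get_content_type(), p.get_content_disposition(), p.get_filename())
            for p in message_from_string(raw).walk()]

def rfc3156_problems(raw):
    """List deviations from the RFC 3156 layout, plus parts sent as attachment."""
    msg = message_from_string(raw)
    if msg.get_content_type() != "multipart/signed" or not msg.is_multipart():
        return ["top level is not a parsed multipart/signed"]
    problems = []
    if str(msg.get_param("protocol")).lower() != "application/pgp-signature":
        problems.append("protocol is not application/pgp-signature")
    if not str(msg.get_param("micalg")).lower().startswith("pgp-"):
        problems.append("micalg missing or not pgp-*")
    parts = msg.get_payload()
    if len(parts) != 2:
        problems.append("expected 2 parts, found %d" % len(parts))
    elif parts[1].get_content_type() != "application/pgp-signature":
        problems.append("second part is not application/pgp-signature")
    problems += ["%s part has disposition attachment" % p.get_content_type()
                 for p in parts if p.get_content_disposition() == "attachment"]
    return problems
```

RFC 2046 requires a client that does not recognize a multipart subtype to treat it as `multipart/mixed`, so a well-formed signed message still reaches such a client as two ordinary parts and the display is up to that client.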
Michael Uplawski <michael.uplawski@uplawski.eu> on 2016/12/11 wrote:
How would WLM know how to handle MIME parts that are PGP?
Signing only says WHO created the e-mail message. It never protects the content. Oh yes, it is supposed to alert a recipient if a message has changed (hash values don't match) but it does not secrete the content of
the message as does encryption.
The client has to understand the MIME type. Anyone can define any MIME
type they want but the recipient would need a proper handler.
Unless both sending and receiving client can understand the same
protocol (or MIME type, in this case), you can't guarantee the behavior
of either endpoint. WLM does not have PGP compatibility.
For WLM, Outlook Express, and other non-PGP capable e-mail clients,
you'll have to forego PGP and either not sign your e-mails or use x.509
certs to do that (you can get some for free, like from Comodo). However, I cannot tell you how to get x.509 certs to work with mutt. Digital
signing and encryption are features that have to be built into the
client and I don't know anything about mutt.
VanguardLH <V@nguard.LH> wrote:
> How would WLM know how to handle MIME parts that are PGP?
Maybe the same way as other mailers (all that I know of) do?
> Signing only says WHO created the e-mail message. It never protects the
> content. Oh yes, it is supposed to alert a recipient if a message has
> changed (hash values don't match) but it does not secrete the content of
> the message as does encryption.
That has also never been the intention of a signing sender.
You have helped me in stating that Live Mail does not understand the
MIME type in my signed messages. That is about all I need to know about
this software. I have configured an exception for the Live Mail users
and they will get my messages signed inline, now. This appears to work, although it creates ugly messages. I do not care.
So there may be some product that utilizes the undocumented extension
API in WLM to add PGP to WLM. I did a search, didn't find any such
add-on, but that doesn't mean there is not one. However, it is very
likely that the vast majority of WLM users don't know of a PGP add-on
for WLM.
Microsoft e-mail clients do not have integral PGP support. That is a
huge portion of the e-mail marketshare.
browser-specific plug-ins to add PGP support but that is performing a
task external to the e-mail provider's service, and still requires users
to install ancillary software for a feature not demanded nor understood
by the majority of e-mail users.
A digitally signed e-mail provides assurance to the recipient as to who
sent the message. If digital signatures and encryption were only
intended to be used together then no one would mention the digital
signature and only refer to the encryption since that would, according
to your interpretation, always include identification of sender.
receive a digitally signed e-mail. Most times I used the Received
headers to verify who sent an e-mail - but how many e-mail users know
how to decipher the SMTP headers?
I think you are fighting a losing battle with PGP or GPG.
small community of e-mail users that also employ clients or ancillary software that provides PGP support will your PGP-based signatures have
any value. Outside that community, you run into users of non-PGP
capable e-mail clients and who are not installing ancillary software (add-ons, plug-ins, proxies) to add a feature they don't care about.
I think we are becoming utterly off-topic. But as Usenet is lacking
life, these days, this may be qualified as positive as any other
exchange that excludes dropping chlorine.
Michael Uplawski <michael.uplawski@uplawski.eu> wrote:
> I think we are becoming utterly off-topic. But as Usenet is lacking
> life, these days, this may be qualified as positive as any other
> exchange that excludes dropping chlorine.
So, to stay on-topic, you can't use PGP to send digitally signed e-mails
to users that:
- Use PGP-incapable e-mail clients. (*)
- Will not install or have not installed ancillary software to add PGP
support to their PGP-incapable e-mail client.
(*) Includes MS Outlook, WLM, OE, Eudora, and even Thunderbird. All of
those require ancillary software installed separately or elected
for inclusion in the OS distro.
-- Further --
Outlook, WLM, OE, Eudora, and Thunderbird (available on multiple OS platforms) won't do PGP by themselves. Ancillary software is required (i.e., something more than just the e-mail client).
Does mutt actually do PGP all by itself or does it rely on GnuPG being included in the Linux distro (and elected or a default choice during
Linux installation)? Doesn't look like. Looks like it needs GnuPG
included in the Linux distro or installed separately. Even if it did,
do most of your recipients use mutt?
You sure none of your recipients use webmail? And none use smartphones?
If you don't care (as you indicated) then why digitally sign unless the
vast majority of your recipients are using a PGP-capable e-mail client?
Are most of your e-mail community all mutt users (so they can use the
GnuPG support included and installed in their Linux distro)?
I'm not sure why you think digital signing is so important when so few
e-mail users can use it, especially for PGP. How is digital signing
only important to the sender? The sender already knows who they are.
It's something only important to the recipient. Using PGP means less *chance* that the recipients can use it (and with automatic ID check); however, chances dramatically increase if the community of recipients
are all sharing the same software setup.
Well, anyway, WLM doesn't itself support PGP and it is very unlikely
your recipients are going to change their e-mail client nor install more software for something they don't understand or don't care much about.
Going inline PGP won't solve your problem since WLM users aren't going
to bother figuring out how to validate your hash string presented in the
body to some key on a server.
I may just try to conclude the discussion in saying that, if education
is due, better start it now, than elude any responsibility by listing obstructions and call them destiny.