Signature Handling in Emails

There are different formats for signing the contents of an email:

1. MIME (preferred way)

OpenPGP/MIME or S/MIME standards.

      Content-Type: multipart/signed

      Content-Type: text/plain
      This is the text.

      Content-Type: application/pgp-signature; name=signature.asc 
      -----BEGIN PGP SIGNATURE-----
      iQEXYZXYZ
      -----END PGP SIGNATURE-----

2. "no-mime" (old term: "clearsign")

Some people used to call this "clearsigned" or "inline", but we believe this to be misleading.

"Clear" is something positive, something you would want. The same goes for "inline". But we know that the user experience is much better with the OpenPGP/MIME way of clearsigning the mail body. The chance of seeing the text correctly with OpenPGP/MIME is much higher and the email is better structured, that is, more clearly structured. Therefore we suggest giving the old format a different name: "no-mime signed".

We suggest using "no-mime signature" everywhere as the description of this less wanted method of signing the contents of a mail body. No-mime may be a slightly better solution compared to just using attachments for email communication, and the name would point more to the even better solution.

      -----BEGIN PGP SIGNED MESSAGE-----
      This is the text.
      -----BEGIN PGP SIGNATURE-----
      iQEXYZXYZ
      -----END PGP SIGNATURE-----
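
A mail client or gateway has to tell these two layouts apart before it can choose a verification path. The following Python sketch is an added example, not code from GnuPG or GpgOL; the function name `signature_format` and both sample messages are constructed for illustration.

```python
from email import message_from_string

# Constructed sample messages modelled on the two layouts shown above.
MIME_SIGNED = """\
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="b1"

--b1
Content-Type: text/plain

This is the text.
--b1
Content-Type: application/pgp-signature; name=signature.asc

-----BEGIN PGP SIGNATURE-----
iQEXYZXYZ
-----END PGP SIGNATURE-----
--b1--
"""
NO_MIME_SIGNED = """\
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

This is the text.
-----BEGIN PGP SIGNATURE-----
iQEXYZXYZ
-----END PGP SIGNATURE-----
"""

def signature_format(raw):
    """Name the signing format of a raw message (classification only, no verification)."""
    msg = message_from_string(raw)
    if msg.get_content_type() == "multipart/signed":
        # RFC 1847: the protocol parameter names the signature part's type.
        proto = str(msg.get_param("protocol") or "").lower()
        if proto == "application/pgp-signature":
            return "OpenPGP/MIME"
        if proto in ("application/pkcs7-signature", "application/x-pkcs7-signature"):
            return "S/MIME"
        return "multipart/signed (unknown protocol)"
    for part in msg.walk():
        if part.get_content_type() != "text/plain":
            continue
        text = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
        lines = [line.rstrip() for line in text.splitlines()]
        # Armor markers must be whole lines; quoted ("> ") copies do not count.
        if "-----BEGIN PGP SIGNED MESSAGE-----" in lines and "-----BEGIN PGP SIGNATURE-----" in lines:
            return "no-mime"
    return "unsigned"
```

The result only says which format is present; the signature still has to be checked by an OpenPGP or S/MIME implementation.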

Discussion

NB. “Cleartext Signatures” is a term from the OpenPGP standard and “clearsigned” is a commonly used abbreviation of it. Thus I don't think we shall invent another term for such a precise and well known term. -- Werner Koch 2013-08-26 13:03:04

Old, unused idea from 2013: "double no-mime"

This was a new format idea which we had considered for testing in GpgOL 1.2.x for Outlook 2010 and 2013. When a technical method was found to support OpenPGP/MIME construction in Outlook, the idea became obsolete. In 2015 Gpg4win 2.3.0 was released with GpgOL 1.3.0, which supports the preferred methods OpenPGP/MIME and S/MIME.

The body text is included twice, so we call it "double no-mime". You can see its structure in the example below or in attachment:doublenomime.mbox.

      This is the Text
      -----BEGIN PGP MESSAGE-----
      XYZXYZ                        <- contains "This is the Text" again, **unencrypted** but encoded
      -----END PGP MESSAGE-----

It was not tried in GpgOL, and with Gpg4all2015 it is likely that full MIME support can be added to Outlook versions (>=2010).

Discussion (old 2013)

I believe that solving a problem in Outlook by defining yet another format is the Wrong Thing. Recent mail privacy discussions go along the lines that the mail format (rfc822) will be used for the foreseeable future but the transport protocol (rfc821) will eventually change. Thus the Exchange/Outlook problems will soon turn non-relevant and thus we can stick to OpenPGP/MIME. This is in particular true because GpgOL already has a full fledged OpenPGP/MIME parser. -- Werner Koch 2013-08-26 13:11:10

SignatureHandling (last edited 2021-12-10 08:01:06 by bernhard)