I'll throw in my .02 here. As far as dropping pgp support in evolution, in favor of gpg, I think that it's a perfectly reasonable thing to do, seeing as pgp is not supported any more, is broken, and it won't change the level of <evolution/other mailer> interoperability one bit. GPG libraries are 100% available for linking against, on all platforms evolution can be compiled and run on. Even on windows, if you are using PGP, you can still build GPG and not affect your PGP installation at all. Ralph Sanford's issue of how interoperable evolution is with outlook and other mailers is orthogonal to the direct support of a pgp interface in evolution. Here's my view on the state of PGP encryption interoperability between the several email GUI providers: 1. it completely, totally, unanimously sucks. It's easier to find the mode whereby it works at all between vendors, and keep that in mind as you use it. Here's some of my observations: 1. evolution evaluates encryption in the wrong place in the dataflow, and therefore has a difficult time verifying signatures. The dataflow reformats the letter, like modifying the line widths, etc, and would probably have been better to check the original message at the front of the dataflow instead. Fejj, I think, has been working on this, and I think he knows all about the limitations, and apparently, it will take a lot of work to re-do this, if it ever gets done. 2. Evolution PGP signatures louse up outlook. It's most likely OK to PGP- sign your letters, if you don't have any attachments. But if you do, it's useless to sign the letter if the recipient is an outlook user, because they most likely will not be able to recover your attachment properly. And, outlook PGP users will most likely not be able to verify the signature with attachments in the mix anyway. If you want to send encrypted attachments using evolution, with an outlook recipient, encrypt the files first, then send the encrypted file as an attachment from evolution to outlook. And don't sign the letter if it has attachments. 3. PGP for outlook has some interesting limitations, probably most likely because the interface available to them with MS Outlook. At least, that's the impression I got from wrangling over these issues with PGP support. I'd have to assume that the PGP team were fairly intelligent people, and tried to do what they could. I pointed out a weakness in the way they were doing things: If you sign just the letter, and require each attachment to be encrypted and/or signed separately, how can you really tell if some third party removed an attachment? They never answered this one. At any rate, the multilevel mime encapsulation that evolution does is way over PGP's head as far as capability. With each email vendor doing encryption their own way, and probably all them following the RFC's concerned, but restricting themselves to supporting just certain segments of the RFC's, interoperability is non-existent. Fejj has found some loopholes and problems with the encryption specs. Yet PGP as a standard set is virtually dead. The mailing lists are silent. Maybe a new standard is in order; maybe a reduction in the number of options available in the current one is in order, I can't say. All I know is, if the world wants to use encryption generally, it ain't gonna get what it wants. The best thing I can think of some mail-preprocessor to handle the decryption/signature verification for evolution. Because what you see when a letter ends up being displayed in evolution may not be exactly what you got originally, it's too late to successfully decrypt most messages, except what's been sent by another evolution user. Enough rambling. I'd love to see encryption more widely used. Right now, I feel like the only thing you can send via email is the equivalent of a post card. To heck with privacy. murf
Attachment:
signature.asc
Description: This is a digitally signed message part