On Mon, 2003-01-06 at 19:49, Steven P. Auerbach wrote:
I recently stated that GPG/PGP messages from myself were correctly decrypted in Evolution 1.2.1, but messages from others are not. A reply from vbi clarified the problem, pointing out that that stated that earlier versions had support for inline PGP, but that this has been dropped, because the related problem of reliably verifying inline signatures is not solvable. Most GPG-encrypted messages sent to me are inline, so dropping support for them makes Evolution basically unusable for reading GPG-encrypted messages. KMail handles such messages just fine, so I don't believe there is any fundamental issue.
Hi again! There are no fundamental issues with inline encrypted messages - this one is only the implementation problem of the MUA being required to scan the message body. For inline signatures, there are fundamental issues as soon as some non-ASCII characters are present. The encoding on the sender and the receiver end of a message might be different, and messages sent with 8bit encoding may be re-encoded in transfer, often breaking the signature. An additional issue (for both encryption and signing) is that attachments are not protected, and things like html mail are not easily possible. MIME solves this good enough.
I strongly suggest that support for inline GPG be restored, in some form.
All this said, I agree with you: inline pgp should be supported. Thanks to evolutions bad performance in interoperability with other mail agents, I have actually much more PGP/MIME signed messages failing than I have inline signed messages fail. For all the theoretical benefits of MIME and the pitfalls of inline pgp usage, I find this really sad.
vbi suggested a 'pass this mail through gpg' button in the toolbar. Instead, I would suggest that inline GPG be simply decrypted. To clarify that a GPG-encrypted message was in fact encrypted, I suggest that there be some visual indicator that the message was decrypted - a different color background, for example, together with a text message stating that the message was encrypted. Again, KMail has a good implementation of this.
Thanks to a suggestion (by whomever it was - sorry, don't remember your name right now) I've set up a filter to color inline signed mail. The big problem with this is that - I don't see gpg output, so I don't see the trust information, or the cause of failure if a message cannot be verified - I can't input the password, so I can't use this with encrypted mail (not a problem for me). I agree with you on another point: evo should really tell you that a message was encrypted. AFAICT it doesn't do so now at all - a decrypted message looks the same as an unencrypted one. Very, very, very bad, that. cheers -- vbi -- featured link: http://fortytwo.ch/gpg/subkeys
Attachment:
signature.asc
Description: This is a digitally signed message part