[Dshield] Signing E-mail

Johannes B. Ullrich jullrich at sans.org
Tue Aug 19 13:25:57 GMT 2003

(this e-mail is not signed ;-) )

Ok, I am having an episode of strong opinions towards signing e-mail
again ;-). As you may have seen, I played with various options to
make signed e-mail easier to read across various e-mail clients.

One fundamental issue is that there are essentially 3 widely used
methods to sign e-mail:

- PGP ASCII Armored: You will see an signature at the end of the email.
- PGP Mime: The signature is added as an attachement.
- SMime: again, the signature is added as an attachement.

Sadly, some e-mail readers still do not include support to sign and
verify signed email. 

The e-mail reader I am using only understands the second format at this
time (PGP Mime). Some users report that this format will cause their
email client to display two attachements. One with the content of the
e-mail, the other with the signature.

As a participant in this mailing list, I highly recommend that you
install a PGP plugin for your mail reader (MUA). There is a large
selection of free plugins based on Gnu Privacy Guard ( gpg, gnupg).
For a list, see

SANS - Internet Storm Center
PGP Key: http://isc.sans.org/jullrich.txt

More information about the list mailing list