On Tue 2013-08-20 13:03:27 -0400, Daniel Kahn Gillmor wrote:
> I've been meaning to write this up more cleanly, but a summary here will
> have to do for now:
>
> The MIME Content-Type header for an inline-PGP-signed e-mail message is
> not signed. This means that an attacker can replay a signed message
> while undetectably changing the Content-Type. One example of such an
> attack is to leave the base Content-Type as text/plain but to switch
> charsets -- the same bytestream can then be interpreted differently.

I've finally written this up, with a demonstration. I'm hosting it here
for now:

  https://dkg.fifthhorseman.net/notes/pgp-inline-harmful/

I hope this is useful for future discussions about inline PGP. Please
let me know if you see any problems with the text or if you have any
questions.

--dkg
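The quoted summary states the problem in two sentences: the signature covers only the body bytes, and the unsigned charset parameter decides how those bytes are displayed. The following is an added, self-contained illustration written for this page, not code from dkg's note or from any PGP implementation. It stands in for the PGP signature with an HMAC over the same bytes (labelled as a stand-in, since the point is what the signature covers, not which algorithm computes it), constructs a one-line body whose single non-ASCII byte reads as "¤" under iso-8859-1 and as "€" under iso-8859-15, and shows that the body-only signature verifies identically under both Content-Type headers while a signature whose input also covers the Content-Type rejects the swap. All message contents, header values and the key are constructed for the demo.

```python
import hashlib
import hmac

# Constructed stand-in for the signing key; a real inline-PGP signature
# would be an OpenPGP signature over the cleartext, but what matters here
# is *which bytes* are covered, so an HMAC plays that role offline.
SIGNING_KEY = b"constructed-demo-key"


def charset_of(content_type: str) -> str:
    """Pull the charset parameter out of a Content-Type header value."""
    for param in content_type.split(";")[1:]:
        name, _, value = param.strip().partition("=")
        if name.lower() == "charset":
            return value.strip().strip('"')
    return "us-ascii"


def render(body: bytes, content_type: str) -> str:
    """Decode the body the way a mail client would: trusting the charset
    named in the (unsigned) Content-Type header."""
    return body.decode(charset_of(content_type))


def sign_body_only(body: bytes) -> str:
    """Inline-PGP model: the signed input is the body bytes and nothing else."""
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()


def verify_body_only(body: bytes, sig: str) -> bool:
    return hmac.compare_digest(sign_body_only(body), sig)


def sign_with_content_type(content_type: str, body: bytes) -> str:
    """Hardened model: the Content-Type header is part of the signed input,
    so changing the charset parameter changes the bytes being verified."""
    signed_input = content_type.encode("ascii") + b"\r\n\r\n" + body
    return hmac.new(SIGNING_KEY, signed_input, hashlib.sha256).hexdigest()


def verify_with_content_type(content_type: str, body: bytes, sig: str) -> bool:
    return hmac.compare_digest(sign_with_content_type(content_type, body), sig)


# Constructed message: byte 0xA4 is "¤" in iso-8859-1 and "€" in iso-8859-15.
BODY = "Transfer 100 \u00a4 to account 42".encode("iso-8859-1")
ORIGINAL_CT = 'text/plain; charset="iso-8859-1"'
REPLAYED_CT = 'text/plain; charset="iso-8859-15"'


def demo() -> dict:
    """Run both models against the same body and both headers."""
    body_sig = sign_body_only(BODY)
    full_sig = sign_with_content_type(ORIGINAL_CT, BODY)
    return {
        # Same bytes, same signature: the verifier cannot tell the two apart.
        "body_only_original": verify_body_only(BODY, body_sig),
        "body_only_replayed": verify_body_only(BODY, body_sig),
        # ... yet the reader sees different text under each header.
        "text_original": render(BODY, ORIGINAL_CT),
        "text_replayed": render(BODY, REPLAYED_CT),
        # Covering the header in the signed input catches the swap.
        "covered_original": verify_with_content_type(ORIGINAL_CT, BODY, full_sig),
        "covered_replayed": verify_with_content_type(REPLAYED_CT, BODY, full_sig),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The two render() results are the whole point: nothing in the body-only signature distinguishes them, so a verifier that reports "good signature" is reporting on bytes the recipient never sees directly. Any scheme that wants the displayed text to be what was signed has to bind the interpretation (here, the Content-Type) into the signed input, which is what the second pair of functions models.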