ietf-openpgp

The case against redundancy and isolation

1997-11-19 15:17:19
Folks,

All of this discussion about MIME and armoring is fascinating.

The fundamental question about MIME vs. non-MIME and, in general, about
behaving like an independent activity, versus integrating with existing
Internet standards, is the question of participation.

Does this group want to participate in the suite of Internet technology
standards or does it want to act in isolation and require that it provide
all its own tools?  

One comment was that MIME sucks.  While not the most professional language,
it is an entirely accurate technical assessment, in my opinion.  What that
assessment lacks is an understanding that MIME mostly sucks due to very
careful (and, I believe, necessary) engineering.  More importantly, sucky
little MIME has become the lingua franca for object labeling and
aggregation on the Internet.  It is used by email and it is used by the
Web.  There ain't much else.

Observations that you don't "need" MIME in various circumstances or that
MIME is not used all the time are entirely true, but they again miss the
point.  MIME is a relatively new standard and it is being adopted.  "Being
adopted" means that its use is not total but that it is increasing.
Arguing that some people don't use it now is no argument against having it
as a basis for a new standards effort.

Paying attention to the installed base is very important.  (It's even one
of the reasons that MIME sucks.)  But "paying attention" does not mean
doggedly shooting oneself in the foot.  As noted by others, you already
have other incompatibilities.  This is either a problem or an opportunity.

PGP is about security.  All of the wrapping and encoding mechanisms in PGP
were developed because none were available at the time it was first
developed.  Things have changed.  There are now standards to cover these
requirements.  This means that PGP can focus on doing what it needs to do,
namely security, and it need no longer be burdened with assorted baggage
for segmenting and labeling the data or for protecting it against the
vagaries of transport.  

MIME does all that. 

Why would you want to perpetuate unique, non-standard ways of doing
something that is both already covered in existing standards which are in
real use and getting more used?

One argument for retaining the separate, PGP-specific mechanisms is that
they aren't very expensive.  This shows a misunderstanding of the cost of
having multiple solutions to the same problem.  Each can be incrementally
cheap, but the combination is a pain and, more importantly, is frequently
the source of software errors.  Besides that, a single-implementation cost
that is small is made considerably more expensive when replicated across
many products.

Why not, instead, use the standards-based mechanisms for doing the
ancillary work, and then enjoy the opportunity to focus on the real
requirement, namely security? 

d/

ps. I have the same line of argument against S/MIME's use of ASN.1, and am
intrigued to see whether this group is similarly uncooperative towards true
integration with Internet mail and web standards...

--------------------
Dave Crocker                         dcrocker(_at_)imc(_dot_)org
Internet Mail Consortium             +1 408 246 8253
675 Spruce Dr.                       fax: +1 408 249 6205
Sunnyvale, CA 94086 USA              info(_at_)imc(_dot_)org, http://www.imc.org