Adam Back wrote:
Doesn't seem like a big deal implementation-wise -- the complexity
saving of removing the checksum probably more than compensates for
having to output and parse a fixed Content-Type: string.
I don't think it is a big deal implementation-wise either. It is
deployment that is my concern. Changing all those servers over,
changing all the scripts over, upgrading all pgp script copies to handle
mime because they can no longer get the AA keys from where ever they got
them from before.
All those interoperability issues can be solved in one of two ways: by
having one software source (as in pgp2.6 up to nowish) and by having a
standard that insists on interoperable feature sets.
We write standards to solve the problem of interoperability in the
absence of common source. We do not write standards to make it easier
to implement, except as a secondary opportunity.
As interoperability is the issue, IMNSHO, and everything that is out
there with the label PGP attached to it uses Armour, then Armour it is.
Add MIME to the standard if we believe this is the "way to go" by all
means. But that's in the opportunity basket, not the interoperability
basket. People like Dave Crocker are going to be possible proven
"right" by events here But this is small change compared to the cost
of breaking the current user base, no matter how "wrong" it might be.
--
iang systemics.com
FP: 1189 4417 F202 5DBD 5DF3 4FCD 3685 FDDE on pgp.com