At 12:42 pm -0800 2000-12-30, Rodney Thayer wrote:
At 08:06 AM 12/12/00 -0800, Jon Callas wrote:
>In our last episode ("Re: Dash-escaping and the Usenet sig convention",
>shown on 12/12/00), Werner Koch said:
>
> >The preferred way to encapsulate OpenPGP messages in mail is by using
> >MIME as defined in RFC2015. No need for the old fashioned cleartext
> >signing.
>
>I disagree completely. The correct way to encapsulate messages is with
>cleartext. I often delete PGP-MIME messages without reading them because
>it's such a pain to deal with them.
I agree with Jon on this. Insisting that the world suddenly change
to MIME is not helping the adoption of PGP, in fact, it makes it harder
as people tend to delete these nasty MIME messages. It's even worse with
windows, as the (almost unreadable) "...ems" message looks annoyingly
similar to a (usually unreadable) SMIME message. I too tend to
delete these messages, as they are functionally equivalent to spam.
I think we should be be building systems that INCREASE the usage of
this technology, not decrease it.
I agree it's the MUA's job to handle this civilly, but until that
happens, the cleartext solution is much more likely to be usable in
the real world.
Alas, Jon and Rodney, sometimes it is die-hard positions brought on
by inflexible opinions (present company excluded, of course ;)
--rather than new solutions responding to technological challenges
and requiring minimal adoption/implementation efforts-- that
represent the real hindrances to crypto deployment.
Whining about .EMS attachments, not to mention trashing them
literally and figuratively as you're doing, solves nothing. It also
ignores the easy workaround. It's like complaining that some people
send you faxes when you prefer email. Buy a fax machine! By
complaining that, just because a common extension isn't yet supported
by MUA devs, this "decreases" usage, you're basically just
illustrating the real problem: refusing to help because of narrow
vision. Instead, why not try calling one of your friends at M$ and
spending five minutes asking her/him to approve the week (max) of
engineering effort it would take to support OpenPGP/MIME. If I can
think of a business case, you certainly could if you tried.
Of course, I admit I may be slightly biased, as a co-author of two
new OP/M (acro-pun intended ;) drafts, one which supercedes RFC2015,
the other adding a useful and basic feature to OpenPGP/MIME (parallel
sigs _could_ be a major benefit to MUA implementors if they had any
vision at all).
In any case, legacy clear-sigs cannot not solve some of our more
"modern" problems and are not usable in the real world because users
(even you, apparently) can't figure out how to open the attachment
and decrypt. Further, the world is moving forwards, not just
sideways. IMHO, the two of you need to get with The Program and
encourage OP/M adoption rather than making this sound like another
religious ASCII-zealotry battle. I like ASCII, even prefer it, but I
live in a real world with >ack-pfft< various file formats... and
those annoying faxes.
dave
_______________________________________________________________________
"I'm a 'peripheral visionary' ...that means I can see clearly into the
future ...but only way off to the side." --Stephen Wright