On Thu, Jan 24, 2002 at 12:14:31PM -0800, Jon Callas wrote:
Let me state off the bat that I'm taking off any official hat as
author/editor/expert I might have. This is my personal opinion as a
computer user who uses OpenPGP.
I'm distressed by the opinion that I have heard (usually second or more
hand) that somehow base OpenPGP in 2440+ is deprecated, uncool, or
something, and that the way to go is OpnPGP/MIME.
I think at least some of those opinions are based on section 2.4 in
2440bis:
Note that many applications, particularly messaging applications,
will want more advanced features as described in the OpenPGP-MIME
document, RFC2015. An application that implements OpenPGP for
messaging SHOULD implement OpenPGP-MIME.
Statements like "many applications, ... will want more advanced..",
and "SHOULD" imply (to my eye) "This is what I should use. The other
way must not be as good, or the RFC wouldn't have told me I SHOULD use
this."
MIME-coded messages have great uses. But alas, even to this day, there are
lots of uses of them that aren't quite ready for prime time. Let's face it
-- the majority of mailers don't do MIME correctly, and if I have to pry
apart attachments to get to a clearsigned signature just so I can
re-assemble the thing in a text editor so I can check the signature, I'm
probably not going to do it.
I actually like PGP/MIME quite a lot - it handles painlessly a lot of
fussy details that otherwise I'd have to handle.
I stopped using it when I found myself in a corporate environment
where the majority of people were using various corporate mailers that
blew up in various odd ways with it. I'm sure this isn't a PGP/MIME
thing - they'd have blown up with any MIME they didn't understand, but
while a regular clearsigned signature can be ignored by those people
that either don't care or don't use PGP, a PGP/MIME message does not
always degrade quite so gracefully.
David
--
David Shaw | Technical Lead
<dshaw(_at_)akamai(_dot_)com> | Enterprise Content Delivery
617-250-3028 | Akamai Technologies