-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wednesday 13 February 2002 08:44, disastry(_at_)saiknes(_dot_)lv wrote:
PGP/MIME is evil.
I disagree. pgp/miem isn't evil at all. It's the broken mail software
out there that is the problem. And I restate that deprecating pgp/mime
(or whatever this should lead to) will take the strain off of those
"vendors" to fix their "products"...
can not save message to disk and decrypt and/or verify later outside
MUA,
For "decrypt", this is usually wrong, since exactly one part contains
the encrypted data, the other only contains metadata, which is either
superfluous or could be translated into options for the OpenPGP backend
when decrypting...
So the real problem is signing:
The MUA could offer to convert the multipart/signed part to a
file/detached sig pair of files on save.
Remember: You can't also view asian text/plain, wihc is usually encoded
in base64, without the help of the MUA.
some virus checking software removes attachments,
which is broken behaviour...
does not work with many mailing lists (that are configured to remove
attachments),
those ml's are broken (since multipart/signed is _not_ an attachment).
does not work with web archives of mailing lists (for
example http://www.imc.org/ietf-openpgp/mail-archive/msg03690.html),
broken software used there, too.
does not work with newsgroups.
Care to explain what's the problem there?
So why are all those packages broken? Because pgp/mime is so rare that
they don't need to fix their stuff.
Marc
- --
Marc Mutz <mutz(_at_)kde(_dot_)org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8ajeN3oWD+L2/6DgRArrOAKCcP+SvN6sXtJDTFn8iVrLK3EUnegCePj2p
AhtyoZ0724pmBvNxC+2BpjU=
=o0f3
-----END PGP SIGNATURE-----