From: John Dlugosz
I agree that the wording doesn't belong in this document. "this is the
format document". If it is going to subsume the other, why not just make
one document? I see a similar situation with deflation vs. zipfile format.
A forward cross-reference might not be out of line, though. Perhaps a "see
also", as opposed to anything that could be misunderstood as a subsumation.
--John
Jon Callas <jon(_at_)callas(_dot_)org>@mail.imc.org on 04-15-2002 07:38:13 PM
Sent by: owner-ietf-openpgp(_at_)mail(_dot_)imc(_dot_)org
To: Werner Koch <wk(_at_)gnupg(_dot_)org>, ietf-openpgp(_at_)imc(_dot_)org
cc:
Subject: Re: bis04
At 4:35 PM +0200 4/15/02, Werner Koch wrote:
Hi!
Removing this requirement is a bad thing because a reader might get
the impression that PGP/MIME had been consired to be a failed idea.
This is definitely not the case and can't stress enough how important
PGP/MIME is. The fact that some mail clients are not able to support
it is a pitty but not a reason to drop PGP/MIME.
I wrote a grumpy note earlier this year about this issue.
The reason I dropped it is because some implementers claim that base
OpenPGP with armoring is deprecated. This is *not* the case.
I support OpenPGP/MIME. I think it's a great idea. But I am sick of not
being able to verify messages because some implementers think that
OpenPGP/MIME is the only way to go.
I support anyone who puts in MIME encoding as an *option*. It isn't
mandatory.
The problem is that some people don't understand the difference between
SHOULD-implement and SHOULD require all users to use. Our illustrious area
directors have gone on long dissertations about the difference between
implementing and forcing users to use.
If an implementer who politically wants to support the cause of security
multiparts chooses to do so, more power to them. But when the implementer
responds to people who want to do armoring with, "Hey, don't complain to
me, complain to the standards guys who *FORCE* me to do it" (which someone
has said to me and other people), then we part company. And since I'm the
aforementioned standards guy who allegedly is holding a gun to said
developer's head, I can do something about it.
I thought long and hard about just the right thing to say that would say
"I'm okay, you're okay" and couldn't come up with one. So I thought nothing
was the best thing to say. After all, this is the *format* document. It
lays out the bits. If an implementer wants to receive 3DES but never emit
anything but AES, that's their choice. Similarly, if an implementer wants
to always emit OpenPGP/MIME, that's their choice. But I don't want to be
holding the bag for either of them.
If you can come up with wording that says MIME is great, but so is
armoring, send it and I'll look at it.
Thanks for releasing the draft, Jon.
You're welcome.
Jon