ietf-openpgp

Re: let's look... Re: Standardizing inline PGP for e-mail?

2003-01-24 09:09:46

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Shaw wrote:
> I think in general that creating a new subtype of text to solve this
> problem is a non-starter.  Part of the original problem was that not
> enough mailers supported PGP/MIME (or indeed, MIME in general)
> sufficiently well.  I suspect that using a new subtype will eventually
> end up as "PGP/MIME lite" and will similarly not be supported.

The point is that the "lite" form is displayed reasonably even in
agents that don't "support" it.  They show it as text.  When
confronted with multipart/signed, some agents display the pieces
as attachments or not at all; this makes reading the text painful,
and verifying the signature manually even more so.

For agents that do support PGP/MIME, yes, this is another thing
that they might want to understand.  If one doesn't, then it may
appear to have taken a step backward *when confronted with one
of these "lite" messages*.  A small step, in my opinion.

Once again, Thomas should correct me if I'm wrong, but I don't
think this is intended as a replacement, or even as a default.
It's an *option* for senders that know that they are sending to
receivers that can't (or don't want to) handle PGP/MIME.
It would just be nice if all the agents that offered such
an option did it the same way; that lets smart receivers still
get some of the benefit.

Adrian 'Dagurashibanipal' von Bidder <avbidder(_at_)fortytwo(_dot_)ch> wrote:
> Additionally, specifying inline PGP could make software vendors even
> more reluctant to support PGP/MIME properly. Why not make it absolutely
> clear that PGP/MIME is the only form of PGP in email mailers are
> supposed to use?

While it's possible that some vendor will choose to implement only the
"lite" form on the receiving side, I think it's far more likely
that they will implement neither, official PGP/MIME, or both.
The most likely implementors are people who've already built
PGP/MIME support.

If I believed Adrian's premise, then I might believe in enforcing
"the full standard or nothing at all", but I don't.  I might enforce
it if legacy agents weren't caused such grief.  But they are, and
I find it hard to stand on principle in the face of obvious pain.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQA/AwUBPjFk8ec3iHYL8FknEQLpxwCePF4NDpFqTgBhZfTqPvQdLyRz7r8AoLlE
hMY7CGqTOaBsL+jN6quXsr+O
=4VwY
-----END PGP SIGNATURE-----


