On Sat, 2004-04-24 at 11:59, Len Sassaman wrote:
We have MUAs claiming "inline messages" are "old-format" and
deprecated, and we have users generating PGP/MIME messages which cannot be
processed by their recipients. Obviously there's a need for a means of
expressing this preference -- the GnuPG authors are asking for it, and the
PGP authors have already gone ahead with their own hack.
I think this is the core problem that requires a solution. RFC 3156
doesn't deprecate inline messages, and I would like to see a way of
making it clear that MUA's that refuse to decrypt/verify in-line
messages are *not* compliant with the OpenPGP standard set forth in
RFC2440bis because the can't verify/decrypt valid OpenPGP data.
As an implementor, I don't care whether it is in the notation or in a
data packet. notation is easier for human-parsing, and only marginally
more difficult for machine parsing. A data packet cannot be parsed by a
human reader, so adoption will be slowed until at least GnuPG and
Commercial PGP release versions that support the new standard. I think
that is the central trade-off.
Any future revision of RFC3156 will need to take into account
verification of message data or signatures outside of MUA's as well, but
that is another topic for a different thread.