[Top] [All Lists]

Re: "Yes, I can handle PGP/MIME"

2004-04-25 07:57:06

On Sat, 2004-04-24 at 11:59, Len Sassaman wrote:
We have MUAs claiming "inline messages" are "old-format" and
deprecated, and we have users generating PGP/MIME messages which cannot be
processed by their recipients. Obviously there's a need for a means of
expressing this preference -- the GnuPG authors are asking for it, and the
PGP authors have already gone ahead with their own hack.

I think this is the core problem that requires a solution.  RFC 3156
doesn't deprecate inline messages, and I would like to see a way of
making it clear that MUA's that refuse to decrypt/verify in-line
messages are *not* compliant with the OpenPGP standard set forth in
RFC2440bis because the can't verify/decrypt valid OpenPGP data.  

As an implementor, I don't care whether it is in the notation or in a
data packet.  notation is easier for human-parsing, and only marginally
more difficult for machine parsing.  A data packet cannot be parsed by a
human reader, so adoption will be slowed until at least GnuPG and
Commercial PGP release versions that support the new standard.  I think
that is the central trade-off.

Any future revision of RFC3156 will need to take into account
verification of message data or signatures outside of MUA's as well, but
that is another topic for a different thread.


   - Brian

<Prev in Thread] Current Thread [Next in Thread>