"Brian G. Peterson" <brian(_at_)braverock(_dot_)com> writes:
On Sunday 16 January 2005 05:04 am, Simon Josefsson wrote:
Jon Callas <jon(_at_)callas(_dot_)org> writes:
* I think the other open question you have, as to whether someone wants
MIME encodings or not is much more important. At PGP, we're starting to
code that into the certificates themselves, so the encryption mechanism
can do the right thing.
I realize it is a big issue, and potentially a contentious one.
I'd hate to see disagreement on this part stop the document, though,
so if consensus on this matter cannot be reached, I think we should
simply drop it.
I would very much like to see the approach that Jon and Hal have outlined of
putting the preference in a notation packet on the key self signature be put
into the RFC, and made official.
This issue is extremely important, and the proposed solution is well thought
out, and easy to understand and implement. Lack of guidance on this issue in
the standard has already led to unnecessary incompatibilities between mail
implementations. Let's get that resolved with the new standard.
I agree completely.
The OpenPGP: header does not yet include a "supports" token, so this
is an open issue. I wasn't aware of Jon and Hal's proposal when I
mentioned "supports" as an open question, nor when we discussed this
problem with MUA implementors earlier.
Perhaps we can get some input on the viability of a "supports"-token
in the OpenPGP-header by resolving the following question:
Will the proposed notation packet scheme be sufficient to tell whether
MUAs should use PGP/MIME, plaintext PGP, or the "partitioned" scheme,
in every situation that MUA users care about?
For encryption, the question seems clear. You need the key to
encrypt, and the notation packet tell you which PGP-in-mail style to
use.
For signing, the answer is not so clear to me. I'm not sure there are
no situations where you want to send signed mail, but doesn't posses,
or care about, the recipients keys, but do wish to follow a loose
recommendation on which PGP-in-mail style to use. In theory, for
signing, you might not even know who the recipients are, so you can't
inspect a notation packet. But you may be sending mail to a mailing
list that require signed messages, that add 'OpenPGP: supports=mime'
to all posts to signal what kind of PGP-style to use.
Fundamentally, what I'm asking is whether the notation packet solve
all problems that a "supports"-tokens in the OpenPGP: header would.
If it does, then I don't think we shouldn't have a "supports"-token.
If it doesn't, then I don't see what harm it would cause by adding it,
and I'd probably would support adding it.
Thanks,
Simon