ietf-openpgp

Re: OpenPGP mail/news header

2005-01-16 09:59:02

"Brian G. Peterson" <brian(_at_)braverock(_dot_)com> writes:

> My concern with a 'supports' token is that this is probably/potentially
> controlled by the MUA, not the user.

I'm not sure I agree with this view.

I believe OpenPGP should be an ultimately user controlled field, much
like From/To/Reply-To/Newsgroups etc are ultimately user controlled
fields.

> This may (already has?) provide a loophole to MUA implementations
> that don't want to support inline/partitioned.  I'm very much in
> support of a user preference notation packet, because this puts the
> control in the hands of the key holder, and implies that MUAs
> SHOULD (RFC language intentional here) support partitioned and mime.

Oh.  It seems we do disagree.

I believe that inline/partitioned should never be recommended by any
RFC, at least without more specification.  I believe RFCs should
clearly recommend against its use in e-mail because we have PGP/MIME
that, to my knowledge, solves all known problems, if implementors were
to actually support it.  RFC 2440 does this correctly.

A question was raised earlier in this WG why 2440bis does not include
the same text, but I'm not sure there was consensus declared.

I'd be disappointed if IETF approved a standard that implied use of
PGP in e-mail in any other way than PGP/MIME.

If you are seriously proposing to make inline/partitioned a standard
scheme for PGP in e-mail, you should describe how it should be
implemented.  I have experience with the inline style, and
non-deployed experience with the "partitioned"-style.  The problems
that need to be addressed to make this a serious alternative are RFC
1991-compatibility wrt dash-escaping, interaction with non-ASCII (both
in bodies and PGP headers), trailing white space interaction with
format=flowed, interaction with QP and '-' and '=' in the PGP armor.

> I'm not opposed to a 'supports' Header in the email headers.  I am most
> concerned with strengthening the language on user preferences in the key self
> signature, as I think lack of clarity has been a big problem.

Agreed.  More clarity is needed.

> As an MUA implementor, I'm very concerned with the poor interoperability
> caused by the current lack of clarity, so I want this strengthened for the
> benefit of the users, who shouldn't need to worry too much about this if the
> standard is clear.

Right.

If everyone implemented PGP/MIME we wouldn't have this problem.

I believe that standardizing inline/partitioned may turn out to be
more painful than implementing PGP/MIME.

To be clear: I'm not against the notation packet idea.  I think it is
a great idea.  But it shouldn't imply that the "partitioned" approach
is something which the IETF recommends.  It should be seen as a way to
smooth the upgrade path into PGP/MIME.

Thanks,
Simon