On Fri, Mar 20, 2015 at 9:46 AM, Wyllys Ingersoll <wyllys(_at_)gmail(_dot_)com>
wrote:
MIME is fine for PGP over email, but do keep in mind that PGP is not
strictly used in email and using MIME is not necessarily helpful and is
possibly needlessly complicated in some of the other use cases (just
encrypting personal files and data at rest, for example).
Absolutely. Which is why PGP should be properly layered and abstracted
so that all the mail specific parts are in 'MIME' and all the
encryption parts are in the 'PGP' bit.
And if we are going to start talking about "PGP/MIME", then I think revising
RFC-3156 should be part of the discussion at some point. As it is stands
today, it is impossible to craft a proper "PGP/MIME" message unless your
mail client directly supports 3156. It requires special SMTP headers that
are usually set by the mail client and over which the user has no control
(and don't get me started on that extra "version 1" MIME section...).
Absolutely.
The stalemate has to end at some point. PGP does its own thing in too
many places. What we have is a description of a product rather than a
multi-vendor standard.
Winning means that everyone gets access to email encryption with full
control of their trust environment.
Tonight there are two crypto parties in my neighborhood where people
will be taught how to use PGP. This is really good and really sad. The
good part is that it shows that people are really interested in
getting crypto. The sad part is that the tools we have today require
user education. Teaching people how to use vim/PGP to send and receive
secure mail is actually a sign that we are doing something wrong.
Every browser comes with TLS built in and everyone uses it at least
some of the time. Every email client comes with an email encryption
solution but almost nobody uses it.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp