[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OpenPGP vs. OpenPGP/MIME

To: ietf-openpgp@xxxxxxx
Subject: Re: OpenPGP vs. OpenPGP/MIME
From: David Shaw <dshaw@xxxxxxxxxx>
Date: Thu, 24 Jan 2002 16:45:34 -0500
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
Mail-followup-to: ietf-openpgp@xxxxxxx
References: <>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx
User-agent: Mutt/1.3.26i

On Thu, Jan 24, 2002 at 12:14:31PM -0800, Jon Callas wrote:
> 
> Let me state off the bat that I'm taking off any official hat as
> author/editor/expert I might have. This is my personal opinion as a
> computer user who uses OpenPGP.
> 
> I'm distressed by the opinion that I have heard (usually second or more
> hand) that somehow base OpenPGP in 2440+ is deprecated, uncool, or
> something, and that the way to go is OpnPGP/MIME.

I think at least some of those opinions are based on section 2.4 in
2440bis:

   Note that many applications, particularly messaging applications,
   will want more advanced features as described in the OpenPGP-MIME
   document, RFC2015. An application that implements OpenPGP for
   messaging SHOULD implement OpenPGP-MIME.

Statements like "many applications, ... will want more advanced..",
and "SHOULD" imply (to my eye) "This is what I should use.  The other
way must not be as good, or the RFC wouldn't have told me I SHOULD use
this."

> MIME-coded messages have great uses. But alas, even to this day, there are
> lots of uses of them that aren't quite ready for prime time. Let's face it
> -- the majority of mailers don't do MIME correctly, and if I have to pry
> apart attachments to get to a clearsigned signature just so I can
> re-assemble the thing in a text editor so I can check the signature, I'm
> probably not going to do it.

I actually like PGP/MIME quite a lot - it handles painlessly a lot of
fussy details that otherwise I'd have to handle.

I stopped using it when I found myself in a corporate environment
where the majority of people were using various corporate mailers that
blew up in various odd ways with it.  I'm sure this isn't a PGP/MIME
thing - they'd have blown up with any MIME they didn't understand, but
while a regular clearsigned signature can be ignored by those people
that either don't care or don't use PGP, a PGP/MIME message does not
always degrade quite so gracefully.

David

-- 
David Shaw          |  Technical Lead
<dshaw@xxxxxxxxxx>  |  Enterprise Content Delivery
617-250-3028        |  Akamai Technologies

Follow-Ups:
- Re: OpenPGP vs. OpenPGP/MIME
  - From: Simon Josefsson

References:
- OpenPGP vs. OpenPGP/MIME
  - From: Jon Callas

Prev by Date: OpenPGP vs. OpenPGP/MIME
Next by Date: Re: OpenPGP vs. OpenPGP/MIME
Previous by thread: OpenPGP vs. OpenPGP/MIME
Next by thread: Re: OpenPGP vs. OpenPGP/MIME
Index(es):
- Date
- Thread