Re: "Yes, I can handle PGP/MIME"

["Brian G. Peterson" <brian@xxxxxxxxxxxxx>]

On Sat, 2004-04-24 at 11:59, Len Sassaman wrote:
> We have MUAs claiming "inline messages" are "old-format" and
> deprecated, and we have users generating PGP/MIME messages which cannot be
> processed by their recipients. Obviously there's a need for a means of
> expressing this preference -- the GnuPG authors are asking for it, and the
> PGP authors have already gone ahead with their own hack.

I think this is the core problem that requires a solution.  RFC 3156
doesn't deprecate inline messages, and I would like to see a way of
making it clear that MUA's that refuse to decrypt/verify in-line
messages are *not* compliant with the OpenPGP standard set forth in
RFC2440bis because the can't verify/decrypt valid OpenPGP data.  

As an implementor, I don't care whether it is in the notation or in a
data packet.  notation is easier for human-parsing, and only marginally
more difficult for machine parsing.  A data packet cannot be parsed by a
human reader, so adoption will be slowed until at least GnuPG and
Commercial PGP release versions that support the new standard.  I think
that is the central trade-off.

Any future revision of RFC3156 will need to take into account
verification of message data or signatures outside of MUA's as well, but
that is another topic for a different thread.

Regards,

   - Brian