GPG support in Mahogany

[David Shaw]

On Thu, Dec 12, 2002 at 01:14:09AM +0100, Ingo Kl=F6cker wrote:
Content-Description: signed data
> On Wednesday 11 December 2002 03:25, David Shaw wrote:
> > Oh no, don't do that.  Even if PGP/MIME is better in every single
> > detail than plain inline messages, there is one crucial factor: plain
> > inline messages are supported in every mail client back to (and
> > including) /bin/mail.  Even this many years after its creation,
> > PGP/MIME is still only supported in a very few clients.
>=20
> And therefore it's time to push PGP/MIME. Else this will never change.

Agreed, but pushing PGP/MIME should not mean dropping support for
inline.

> >  Inline doesn't blow up when run through an archiver,
> > and PGP/MIME usually does.
>=20
> Is this PGP/MIME's fault? No, it's the archiver that needs to be fixed.

Agreed, but this has not happened yet.  It's not PGP/MIME's fault, but
it's an example of something that PGP/MIME makes worse.

> > Perhaps the whole world will be PGP/MIME someday, and I'm sure that
> > will be wonderful as PGP/MIME handles many important things that
> > inline can't (like non US-ASCII character sets), but it's not time to
> > stop supporting inline yet.
>=20
> 90+% of the world's population need support for non US-ASCII characters=
.=20
> But is there really a problem with non-ASCII charsets? I've been=20
> clearsigning my messages for a couple of years. And so far there wasn't=
=20
> any problems except that a few times some broken MTA stripped the 8th=20
> bit off of 8-bit characters. The solution to this problem is to always=20
> use quoted printable instead of 8bit as content transfer encoding.

Hmm.  I thought I had heard there was a problem with clearsigning... I
don't have much experience with this problem since I pretty much use
US-ASCII all the time.

> But PGP/MIME is crucial for signing/encrypting messages with=20
> attachments. That's simply not possible with OpenPGP.

Yes.

> Don't using MIME just because some mail clients don't support it=20
> (correctly or at all) is no solution. Someone has to force the=20
> developers of those mail clients to support it correctly (namely the=20
> users which can't view some/any MIME message, which can't verify=20
> PGP/MIME messages, which can't sign/encrypt attachments). And if the=20
> developers refuse to fix their product then it's time to choose a mail=20
> client which does support MIME and PGP/MIME. That's called evolution=20
> (no pun intended, I'm a developer of KMail which finally supports=20
> PGP/MIME). The less supportive mail clients die and better more=20
> standard compliant mail clients rise.

I agree with all of this (I use a PGP/MIME capable client myself, and
would probably use something else if mutt wasn't PGP/MIME capable),
but I don't think that the world is ready to switch over to
exclusively PGP/MIME any time soon.  In the interim - and that interim
may be long - mail clients really need to support both PGP/MIME and
inline.

I'm sure it would hasten PGP/MIME adoption if all inline would
disappear tomorrow, but what is good for adoption of PGP/MIME may be
very bad for adoption of encryption in general.  "The perfect is the
enemy of the good".

David

--=20
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.co=
m/
+------------------------------------------------------------------------=
---+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson