-----BEGIN PGP SIGNED MESSAGE----- On Tue, 25 Sep 2001, Karsten M. Self wrote:
I refer you to RFC 2440:
I'm quite familiar with these documents, thank you.
Thanks.
A few points:
- It's not that Mutt doesn't play well with others (and yes, I'm aware
No, it's Mutt users who don't play well with others.
Actually, plug-in support for a range of mailers is available for most mainstream products and platforms, including both MS Outlook and Eudora (two most frequently cited apps).
Incorrect. There is no PGP/MIME support in Outlook, and the Eudora PGP/MIME handling is less than perfect.
- RSA is almost certainly partially to blame for this. The RSA PKI
"PKI Patent?" Do elaborate on this for us.
patent only expired in September of 2000. If this patent hadn't existed, widespread use and implementation of crypto support in mail tools would be fait acompli, and discussion of legislation such as the Anti-Terrorism Act of 2001 would be largely moot.
Oh really? Gee, I thought it perhaps had something to do with the draconian export regulations, the ease-of-use problems with crypto, or the fact that most mail users "don't feel the need" for encryption. I had no idea that RSA's "PKI patent" was to blame. Really, I can't think of any alternative public key algorithms. Not to mention that many companies had licenses to use BSAFE, and RSAREF was available...
- Your mailer is broken. - This is your problem, not mine. - File a bug report with your vendor.
This will get you killfiled.
<...>
So, Why Do You Insist On Signing Your Mail Anyway?
How long have you been using PGP/OpenPGP? You are exhibiting the typical zeal of a new user, who has only become partially acquainted with the issues at hand.
It's been suggested variously that I sign messages inline, or in some instances, that mailing lists drop all MIME-encoded attachments. I believe this is the wrong solution for two reasons:
- It breaks useful behavior. MIME attachments *can* provide useful information, including support of non-ASCII charactersets, required for basic communications in much of the world[...]
We're on an English-language mailing list.
- It's not the root problem. The root problem is mail clients which handle untrusted content in an insecure fashion. This is like dousing 75% of the population with gasoline, then placing match-confiscating personnel at the doors of all public arenas. The problem isn't the matches. It's the gasoline.
That's an absurd analogy.
Palliative measures to reduce the apparent risk without addressing the actual cause mask the problem without fixing it. If sufficient people feel the pain, we'll eventually see changes either to client behavior or choice.
I'm halfway through this babbling diatribe, and I'm still not seeing *any* compelling arguments for using PGP/MIME for mailing list mail (which is, if I may remind you, the issue at hand.)
- My general suggestion to list maintainers is that policies be set on what MIME encoding is or isn't allowed. Content filtering based on
Actually, I'm on this particular list partially because of the MIME stripping policy. I'm very happy with it, and I suspect many others are. If you aren't happy with it, feel free to run your own node. Choate can give you the details on that.
- I'll put in a vote for suggesting the cypherpunks list support broader adoption of encryption standards by allowing and supporting RFC 2015 signed messages.
To be clear: RFC 3156 is useful. In particular, the multiple signatures specification (an ID that adds to the 3156 functionality) could have a lot of useful applications. But being standards compliant is worth little if your application is the only one following that particular standard. If you're on the Mutt mailing list, go ahead and use PGP/MIME. In the real world, use what your readers can handle. - -MW- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: pgpenvelope 2.10.0 - http://pgpenvelope.sourceforge.net/ iQEVAwUBO7F4lSsFU3q6vVI9AQGDqwf/ekCbtvRnIp1XIjJtSHDXOQtkjT0tjqaI jdwJeAIkWOQAHFehTcytmD1UBDx6nhyLsss47SX0uCR/7oEDqCjsU1PVyIYdqm4d +kA2h/VJPsbCiXwQRdsAnoWF4io4CrGdRuzlXuZXz+KTA9w+Zd8urCdfHyPIGPan o+W+66opSyBxvO2hUblIgFOURyYtxmnKgV+phcXV3QwTbQwzZ9qds4W/8HGXFP5s Z8YO/oM1iP5zlNC5ie2J+/8o8WtYGBJOWGB7KMr59Uxg3kH1qZkJ9dclFTcHoRJQ YioLxIX8mvz11bMfzC0P1+Wc/ulPGLDiTisXqe5Q8X7lvo3ZAq6CrQ== =c7iW -----END PGP SIGNATURE-----