North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Cisco and the tobacco industry

  • From: JC Dill
  • Date: Sat Jul 30 20:36:15 2005 
Roy Badami wrote:

    Geo> Gee, it must be nice to be in the top 10% of the smart
    Geo> people. Why don't you suggest Valdis aim for the top 5% and
    Geo> figure out how Mr. Jeffrey I. Schiller manages to post using
    Geo> debian PGP signed messages that don't appear as attachments?

Having just taken a quick look, it appears the messages you like are
just plain text with PGP markup, and the ones you don't are
multipart/signed.

IIRC correctly any unrecognized multipart subtype is supposed to be
rendered as multipart/mixed, so you should see the message fine,
though the signature will probably appear as an attachment.
In an "open discussion forum" where unknown (lurker) participants may be using any type of mail client, the only appropriate message format is plain text and that includes messages that are PGP signed. If you feel the need to PGP sign your post, the PGP .sig should be in plain text in the message body, not attached. PGP .sig multipart/mixed attachments should be restricted to use in private email (or private lists) where you know the other parties are using a mailer capable of handling the attachment type.

(R. Thayer (see RFC 2240) agrees with this position, BTW.)

Don't bother quoting other RFCs, just because a standard exists for attaching "something" to email doesn't mean that DOING that in email to a discussion list is appropriate - for instance on this list it has been agreed that HTML attachments are not appropriate - and PGP attachments aren't appropriate either. Plain text works. Use it.

If you're seriously suggesting that all signing of messages should be
done entirely in-band within a plain-text message then, well, I
disagree...  And so do Microsoft (IIRC they support S/MIME)
You think that because Microsoft does it this way, it's supposed to BE that way? What's the point of having standards if we are going to let a monopoly company force their capricious software design choices on the rest of us? Heck, we might as all start sending HTML email then, since AOL decided that should be the default, what, 5 years ago?

<sigh>

jc