[My apologies to the list for continuing this thread. I should know
better.]
On Wed, 26 Sep 2001, Karsten M. Self wrote:
Incorrect. There is no PGP/MIME support in Outlook, and the Eudora
PGP/MIME handling is less than perfect.
My information is different, though I've not used Outlook in some years.
Your information is wrong.
I know several people who do, one of whom also uses PGP, RFC 2015 MIME
encoded:
http://rmarq.pair.com/pgp/mail-clients-pgp.html
http://www.spinnaker.de/mutt/rfc2015.html
Did you bother to read either of those websites before citing them?
The first one states that PGP/MIME support in Outlook is Unknown to the
author.
The second states that it isn't supported, though the author of the page
has heard a rumor that it is. Do you routinely start debates based on
second hand rumors?
I'm unclear on what you are trying to demonstrate by referring us to those
pages. They contradict your beliefs.
...including MS Outlook Express (plugin) and MS Outlook (plugin),
It is not possible to do PGP/MIME with these apps. Take a look at M$'s
mail plugin API, and you will see why.
PKI Patent? Do elaborate on this for us.
Public key infrastructure.
Very good. I'm glad you know what the acronym stands for. That doesn't
change the fact that RSA doesn't have any patent on PKI. [Though yes,
I'm sure they have a slew of patents on specific features of their PKI
apps. If I don't say that, someone's going to nit.]
I was spooning from the top of my head. It's more generally known as
the RSA public key encryption patent, released by RSA September 6, 2000:
http://www.rsasecurity.com/news/pr/000906-1.html
My apologies. I sometimes forget that people can't hear me snickering when
I am sending email. You weren't expected to answer that question.
I don't have the patent number handy but could reference it for you if
necessary.
#4,405,829.
http://www.inet-one.com/cypherpunks/dir.2000.09.04-2000.09.10/msg00125.html
Seasoned members of the cypherpunks list are intimately familiar with
RSA's crypto patents.
There were doubtless other issues. The patent didn't help.
No, the patent was completely irrelevant. For non-commercial apps, there
was RSAREF. For commercial apps, BSAFE was available with a license. For
those who didn't want to deal with the RSA patent, there were other public
key algorithms. The Diffie/Hellman/Merkle patents expired years ago.
RSA (the company)'s patents may have caused developers to use algorithms
like DSS, ElGamal, and Diffie-Hellman rather than RSA (the algorithm), or
limited the adoption of Rivest's later algorithms (which were not nearly
as ground-breaking), but saying that a patent on one algorithm prevented
(or even significantly impacted) the adoption of cryptographic functions
in email clients is patently absurd.
BTW, S/MIME (with, *gasp*, RSA) has been available in most commercial mail
clients for years.
This will get you killfiled.
Im willing to risk that. Responses have varied, most people appreciate
the information (they simply don't know the inssues). Maybe one in ten
responds as you suggest. I try to provide compelling content, where
possible.
You've got arguments against signing? Again, pointers appreciated.
That isn't what this discussion is about. We've been talking about
arguments against signing in a manner incompatible with the tools the
majority of your readers are using, not arguments against signing in
general. Though there are plenty of those as well.
And again, my pointer: http://www.inet-one.com/cypherpunks/ in conjunction
with google.
We're on an English-language mailing list.
So you're going to disable all MIME handling in your mailer?
Once again, you're confusing the issue. MIME *handling* isn't what we are
discussing. MIME *creation* is. I am going to, and do, avoid sending MIME
attachments to public lists.
- It's not the root problem. The root problem is mail clients
which handle untrusted content in an insecure fashion. This
is like dousing 75% of the population with gasoline, then
placing match-confiscating personnel at the doors of all
public arenas. The problem isn't the matches. It's the
gasoline.
That's an absurd analogy.
That's an astounding proof.
Proof? No proof. All I see is hyperbole.
First of all, there is nothing insecure with the way RFC 2440 specifies
message creation. The benefits that PGP/MIME offers mainly take effect
when MIME is already being used for other reasons -- i.e., signing of
messages with attachments, etc.
PGP/MIME offers no benefits when it is a plain text ASCII email being
signed.
People who march around the net using incompatible, irrelevant, or
otherwise inconvenient protocols and subject others to the cruft these
protocols generate, all in the name of standards compliance and
standards evangelization are in fact hurting the greater cause.
Saying My email client follows the RFCs to the