Re: [openpgp] Can the OpenPGP vs. S/MIME situation be fixed?

Daniel Kahn Gillmor <> Sun, 03 July 2016 23:26 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 2D78512D14F for <>; Sun, 3 Jul 2016 16:26:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id mNltTu-iWTKa for <>; Sun, 3 Jul 2016 16:26:24 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id A551B12D14A for <>; Sun, 3 Jul 2016 16:26:24 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTPSA id 668C6F98B; Sun, 3 Jul 2016 19:26:23 -0400 (EDT)
Received: by (Postfix, from userid 1000) id BA154202B6; Sun, 3 Jul 2016 19:26:22 -0400 (EDT)
From: Daniel Kahn Gillmor <>
To: Hanno Böck <>, IETF OpenPGP <>
In-Reply-To: <20160701153304.332d2c95@pc1>
References: <20160701153304.332d2c95@pc1>
User-Agent: Notmuch/0.22+69~gd812194 ( Emacs/24.5.1 (x86_64-pc-linux-gnu)
Date: Sun, 03 Jul 2016 19:26:19 -0400
Message-ID: <>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Archived-At: <>
Subject: Re: [openpgp] Can the OpenPGP vs. S/MIME situation be fixed?
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 03 Jul 2016 23:26:26 -0000

On Fri 2016-07-01 09:33:04 -0400, Hanno Böck wrote:
> IMHO a big problem with e-mail encryption is that there are two
> competing "official" standards: OpenPGP and S/MIME. Both are RFCs, so
> both have a kinda "official" IETF approval.
> I think it was a big mistake to create two competing standards in the
> first place, but that was back in the 90s. So we may ask if we want to
> live forever with this situation or if it can be fixed.

I agree with Hanno that this is a real concern, but we're currently
chartered with a simpler goal: revising the OpenPGP standard to use
sensible modern crypto going forward.  If we can do that well, then i'd
be all for thinking about a PGP/MIME update also, but i'd rather not
hold up 4880bis on this.

I think we should be clear about what it would take to do what you're
proposing; there are two main angles:

* certificate interoperability (OpenPGP certs vs. X.509 certs)

* message interoperability (PGP/MIME vs. S/MIME)

We should avoid foreclosing either form of interop with 4880bis, and if
simple modifications to 4880bis point the way toward easier future
interop without bogging down the process, including them would be fine.
But anything that obstructs or delays the goals of the charter should
probably be put off for future work.

(and remember: if we sort out 4880bis rapidly, "future work" doesn't
have to mean "the far future" -- let's show that we can get a
straightforward 4880bis done this year or early 2017 at the latest!)