PGP/MIME messages composed of multiple encrypted parts, e.g. for attachments
[This is perhaps not really the right place to make this issue, and definitely unchartered for now, but I wanted to have a place to link to from the draft charter.]
Currently, a PGP/MIME message can consist only of a single encrypted part. This complicates things when incrementally drafting a message, for example; e.g. when adding an attachment, the entire message (including the new and existing attachments) needs to be encrypted and uploaded (if stored on the server) again; and when editing the text of the draft, all existing attachments need to be re-encrypted and uploaded again as well.
To fix this, we might want to consider updating RFC 3156 (or defining a new format) that allows encrypting the various parts of a message (e.g. attachments) separately.
If we're worried about revealing the structure of the message to the receiving server, we could encrypt (the already encrypted parts of) the message again, potentially on the sending server side.
(Hiding the structure of the message from the sending server is much more difficult if we're storing the draft on the server, even with existing PGP/MIME, as adding an attachment and then uploading the new draft pretty much reveals the size of the new attachment anyway.)