But the email is readable, it has a link to a message online. It is not a change to the standard, since it's in the body, where you can write whatever you like. In fact, it's not even unprecedented, because Cisco has been offering this exact same type of system for years, generally for PHI and other sensitive uses.
My bank sent me a "Secure Cisco Message". That, I think, was in response to a web message support request. They didn't tell me in what form to accept the response.
It was a message with instructions to save the .html attachment to your hard drive and open it there. It included tons of obfuscated JavaScript.
Without opening the message I replied back and told them "Nope. We're not going to communicate this way, this is irresponsible and dangerous."
Yep, they couldn't have made that message look more like phishing if they tried - including poor HTML formatting of the email body. This is how you really know that GPG has failed.
If it were just a URL, even an HTML-enabled client would show just the link. I assumed that it must be embedded content, which would be rendered as a normal-looking message.
Maybe it's both. But even so, I'd just see the link. And generally, I ignore blank messages containing links.
Also, it's not uncommon for email list software to strip HTML, and I doubt that it would decode the HTML before doing so.
So maybe I'll be replying "Why did you send me an empty message?"
And maybe some email list software will have the same problem.