I have repeatedly found it useful, even in recent times, to cut/paste
ASCII-armored messages on my mobile. Am I a Neanderthal?
On Mar 17, 2015 3:05 PM, "Peter Gutmann"
<pgut001(_at_)cs(_dot_)auckland(_dot_)ac(_dot_)nz> wrote:
Jon Callas <jon(_at_)callas(_dot_)org> writes:
Certainly the ASCII Armor checksum is something that could go, since we
don't
need to worry so much about modem line noise. :-) But you have to know
enough
to ignore it.
It's not just the checksum, the entire ASCII armoring should have been
discarded years, no decades, ago. The whole thing was originally
implemented
because facilities like FidoNet and Usenet didn't handle binary messages,
and
the checksum was because things like 2400bps modems (pre-MNP) on the DOS
PCs
that PGP 1 was written for wouldn't cancel out line noise, so it was
useful to
check for inadvertent message corruption before you warned about invalid
signatures.
The MIME standard (going back to RFC 1341) is over 20 years old and pretty
much everything supports it, but PGP persists with something from even
earlier
(PEM, from 1987, that's nearly 30 years ago). It's not just "a museum of
1990s crypto" (thanks to Matthew Green for the great quote), it's also a
museum of 1980s and 1990s everything-else. The entire discussion of "ASCII
armour" should have been replaced with "use a mechanism like MIME" years
ago.
(Oh, and by "MIME" I mean proper use of MIME, not "wrap PGP-PEM in MIME
headers and pretend it's MIME", RFC 2015/3156).
Peter.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp