ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: The case against redundancy and isolation

1997-11-20 03:29:00
from [Ian Brown] [Permanent Link] 
Jeremey Barrett wrote:
 

Let me clarify my position a bit. I think MIME is great, and PGP/MIME
is great. Both are necessary and I even use them from time to time.
However, I _don't_ use them for most email, by choice, because it
simply isn't useful.


I think several people have already given good reasons why they are
useful to *them*. Their utility will improve in time, as Dave Crocker
has already said. We *certainly* don't want to have to keep developing
armour in parallel to MIME every time a new feature (e.g. Unicode) is
needed.


There is an awful lot of utility in ASCII armoring, and it would be
unfortunate to "standardize" it out of future PGP implementations.
Especially considering how bloody easy it is to implement, relative
to PGP/MIME.


Really, you shouldn't have to do much work at all to implement MIME. The
mailer should be able to handle 99% of the encoding. You should be able
to say "Here is some binary data; its MIME type is x" - and that's all
there would be to it.

As Dave said:


One argument for retaining the separate, PGP-specific mechanisms is that
they aren't very expensive.  This shows a misunderstanding of the cost of
having multiple solutions to the same problem.  Each can be incrementally
cheap, but the combination is a pain and, more importantly, is frequently
the source of software errors.  Besides that, a single-implementation cost
that is small is made considerable more expensive when replicated across
many products.


I occasionally send GIF files to people by e-mail. The only way to do
this is to use a MIME attachment. There aren't specifications for "GIF
armour" anywhere.


I want to be able to send secure email to people who don't use MIME,
that is a very useful feature of PGP in the context of email, and I 
don't see any reason at all to not include ASCII armoring in the draft.

 
I agree. In the appendix is fine.


Yes, PGP is about security, and requiring PGP users to use MIME mail
readers does not result in an increase in security. Quite the
opposite.


Could you please describe to us the security holes in MIME, and why they
are not present in Armour?

Ian
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: The Case Against MIME, Harald . T . Alvestrand
Next by Date:  Re: The case against redundancy and isolation, A. Padgett Peterson P.E. Information Security
Previous by Thread:  Re: The case against redundancy and isolation, Jeremey Barrett
Next by Thread:  Re: The case against redundancy and isolation, Thomas Roessler
Indexes:  [Date] [Thread] [Top] [All Lists]