ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Armour

1997-11-21 23:49:00
from [Kent Crispin] [Permanent Link] 
On Fri, Nov 21, 1997 at 09:05:21PM -0800, Dave Crocker / IMC wrote:

Kent,

Well, how about this?  Opposite sides of the fence...


Not really -- I don't have a position on this.  But it seems that it's
being debated as a religious issue, rather than a technical one.  That
is, you assert that mime solves the full pgp problem domain; others
assert that there are areas that mime doesn't address.  You seem to be
taking the tack that these individuals are reacting in a patently
reactionary mode, and express a lot of frustration over it. 

There is a real possiblity that you indeed *are* dealing with purely
reactionary thinking.  But there is also the possibility that "the
other side" has a valid intuition that they aren't expressing well, or
that you just aren't hearing -- they aren't dumb, you know.  If there 
are valid reasons for ascii armor, then it would be good if they are 
brought out.


At 04:47 PM 11/21/97 -0800, Kent Crispin wrote:

 It is quite possible that
"simple" mailers will persist for another 10 or more years. 


This is certain to be true, but is a likelihood which needs to be used
carefully.  For example, why project that the MUA will be unchanged but
that fancy new encryption sofware will be added?


I'm not thinking that fancy new encryption technology will be added. 
Someone could produce a standard compliant simple OP application next
year, and it could be in use for another 10 years. 


More importantly, why
jerk the standards specification around to accomodate that particular
scenario?


Why do you view it as "jerking around"?  It is a completely valid 
thing for a standard to codify an existing practice, is it not?


If they want new security technology, why is it unreasonable to
require that relevant additional capabilities be added.


There's an "if" there.  I'm not sure that the sole purpose of the 
standard is to define "new security technology".

[...]

The claim is that PGP has uses independent of the net [so IETF
standardization?] -- that is, independent of the problem of
transmitting data securely over the net; and it really may be that


The IETF does interchange standards, not file standards.


Indeed.  But half the functionality of PGP has to do with files, not
interchange.  If I encrypt something on disk, that's not an
interchange.  That something may be transported by ftp, or kermit, or
any number of ad hoc transfer protocols, instead of smtp or http.  


MIME is not the best way to support *those* uses. 


The sun might not come up tomorrow, to.  "Might" is a mighty weak approach
to debating technical choices.  If there is a specific problem with MIME
for specific situations, let's hear about them and look at them.


I believe that Hal Finney did just post a lengthy post on this very topic.


Across the many messages on this topic, the arguments for retaining
amouring seem to be using cases which are irrelevant to IETF work,

                                            ^^^^^^^^^^^^^^^^^^^^^^^ 

This is precisely the point of my bracketed comment above -- some
parts of pgp *are* irrelevant to IETF work, I believe.  But they are
*important* parts of pgp.  It may well be that an IETF standard is
inappropraite for pgp -- file security is a vital component of pgp, I 
don't see the IETF relevance, for example.


 matters
of unfounded fantasy, or based on errors.  

All in all, this is getting to be rather frustrating.


I am not an expert in either MIME or PGP, so I may just be blowing
smoke. 


Gad, what an opening.  I appreciate the opportunity, Kent, except for the
effort needed to skip rise above it...


Perhaps if you could avoid thinking about this as combat :-)


In particular, what format would MIME leave encrypted files on disk so
my above simple archaic email example would work?  How well does MIME 
work with stored objects?  How does the MIME standard actually deal with 
stored objects?


MIME is not about storage, it is about transmission. 


BINGO!


In any event, if you
need information about MIME, I encourage you to read the relevant RFCs and
learn about it.  It's remarkably difficult to condut a debate in which one
of the sides is not familiar with basic facts.  (On the other hand, it's
pretty easy when BOTH sides are ignorant...)


Actually, Dave, I *have* read the rfcs (though it's been a while) and
I *do* understand the "basic facts" of mime -- in fact, I understand
mime better than I understand pgp [OK, hold your breath, the urge will
pass, I'm just testing you :-)].  I said I "wasn't an expert".  I
didn't say I was "totally ignorant". 

-- 
Kent Crispin                            "No reason to get excited",
kent(_at_)songbird(_dot_)com                    the thief he kindly spoke...
PGP fingerprint:   B1 8B 72 ED 55 21 5E 44  61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Draft comments, Hal Finney
Next by Date:  Re: CMR, Kent Crispin
Previous by Thread:  Re: Armour, Dave Crocker / IMC
Next by Thread:  Re: Armour, David Formosa
Indexes:  [Date] [Thread] [Top] [All Lists]