ietf-openpgp

Re: The case against redundancy and isolation

1997-11-22 07:58:55
As Dave said, I think this argument is just going round in circles now.
We seem to have clarified at least some points. I believe none of the
following is contentious:

1. We should not MUST MIME *or* Armour. Both increase the amount of code
needed for a minimal implementation, which none of us want. As Dave
said, linearly increased code increases exponentially the potential for
errors.

2. We are not trying to eliminate Armour. It is entirely appropriate
that it should be in there as an option to provide backward
compatibility, if implementors so wish.

3. Both systems are for converting fully secure binary PGP data into a
form which can be safely stored in/sent across 7-bit systems. Mail is
such a system. Armour/MIME does nothing for security. As Dave and Jon
have both said, OP is NOT a mail standard. It is a security standard.
7-bit conversion should therefore not be a MUST. As Lindsay Mathieson
said, we can safely assume most file systems can cope with 8-bit data.

Jeremey Barrett wrote:

As Jon pointed out, PGP is not email software, there are a host
of other applications for PGP, which might well benefit (and do)
from ASCII armor.

The only way these applications will benefit from armor is if they need
to send data across a 7-bit system. Everywhere else can store objects in
their original 8-bit format.

My point is that _requiring_ MIME eliminates a set of users. That's
all. Eliminating users decreases the security of the system, because
less people have the necessary tools. If security is the goal (and
as I read the wg charter, "The whole purpose of Open-PGP is to provide
security services") then the elimination of ASCII armor is 
contradictory to the goals of the wg, IMO. It should be a MUST.

If we follow this logic, RSA and IDEA should be a MUST. We eliminate far
more users by not specifying this than by not making armor compulsory.

I thought we were discussing PGP, not email. Last time I checked no one
has implemented file encryption, or encrypted archiving tools, or
remailers, or keyservers, or nym servers, or anything other than
email (and on occasion news) using MIME. Nor should they.

That's right. Armor is used in systems that use 7-bit mail systems as
their transport mechanism. Therefore, Armor is only relevant if we are
discussing PGP as an e-mail standard. You are arguing against yourself
here.

File encryption and archiving tools can support 8-bit data. They do not
require armor. Remailers are using mail transport. The main reason
keyservers use armor is that they originally used mail transport. It
would be just as appropriate, and faster, for the Web/LDAP-based systems
to transfer keys as binary data. See http://solo.dc3.com/pks/kfmts.html
for one that allows this.

Ian.
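
Point 3 of the message in runnable form, as an added example that is not part of the original post: a minimal armor encoder and decoder using Radix-64 and the CRC-24 parameters later published in RFC 4880, showing that armor makes 8-bit data 7-bit safe and round-trips it, while its checksum is unkeyed. The function names and the sample bytes are constructed for illustration.

```python
import base64

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # CRC-24 parameters from RFC 4880, section 6.1

def crc24(data: bytes) -> int:
    """Unkeyed checksum carried on the armor '=' line."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(data: bytes, label: str = "PGP MESSAGE") -> str:
    """Wrap binary data as 7-bit text: Radix-64 body plus CRC-24 line."""
    b64 = base64.b64encode(data).decode("ascii")
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii")
    return "\n".join([f"-----BEGIN {label}-----", "", *body,
                      "=" + check, f"-----END {label}-----", ""])

def dearmor(text: str) -> bytes:
    """Recover the original bytes; raise ValueError on a checksum mismatch."""
    lines = [ln.strip() for ln in text.splitlines()]
    begin = next(i for i, ln in enumerate(lines) if ln.startswith("-----BEGIN "))
    end = next(i for i, ln in enumerate(lines) if ln.startswith("-----END "))
    block = lines[begin + 1:end]
    body = [ln for ln in block[block.index("") + 1:] if ln]  # skip armor headers
    if not body or not body[-1].startswith("="):
        raise ValueError("missing CRC-24 line")
    data = base64.b64decode("".join(body[:-1]))
    if crc24(data) != int.from_bytes(base64.b64decode(body[-1][1:]), "big"):
        raise ValueError("CRC-24 mismatch")
    return data

def is_seven_bit(text: str) -> bool:
    return all(ord(ch) < 128 for ch in text)

if __name__ == "__main__":
    sample = bytes(range(256))           # constructed 8-bit input, not real PGP packets
    text = armor(sample)
    print(is_seven_bit(text), dearmor(text) == sample)
    # Anyone can change the data and re-armor it: the CRC is recomputed, not verified
    # against a key, so it only catches accidental transport damage.
    print(dearmor(armor(b"altered" + sample)) == b"altered" + sample)
```

Integrity and authenticity of the binary data come from the OpenPGP packets themselves (signatures), which armor carries unchanged.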