[Top] [All Lists]

Re: Armour

1997-11-26 22:30:27
I thought we were discussing PGP, not email. Last time I checked noone
has implemented file encryption, or encrypted archiving tools, or
remailers, or keyservers, or nym servers, or anything other than
email (and on occasion news) using MIME. Nor should they.


I think we are discussing if armour should be a MUST in OPGP.

I've been following this debate off and on. Just one question: are 
you saying that armour is a MUST to implement the stuff in your 
example list? 

File encryption: pgp binary format.

Encrypted archiving tool: Tar or zip (or some proprietary archival 
format), then pgp-encrypt (or des, or oily-crypt) the archive. No 

Remailers: 1. If talking via SMTP, then this is about email. 2. 
Mixmaster uses its own binary format - no armour.

Keyservers: Historically, ftp interface - no armour; email interface 
- armour; WWW interface - armour carried in text/plaintext. LDAP - is 
armour necessary? How does PGP 5.x do it?

Nymservers: Haven't played with these; any example? Likely interfaces 
are, again, email, WWW, or LDAP.

Does Perl's Penguin use armour? If something like Penguin is 
implemented natively (i.e., doing the pgp bits directly, instead of 
invoking an external pgp app), armour is not needed.

PGP is a powerful tool, used in many different ways. ONE of them is
vanilla email. ALL of them benefit from ASCII armoring. ASCII armoring
is essential to the survival of PGP and to the security of the "PGP 
system", and the many systems built on top of it now and in the future.

Too many topic sentences in one paragraph. ;-)

"ALL of them" benefit from armouring: I think this point has 
not been clearly established.

Armour "essential" to survival of PGP and to "security of the "PGP 
system"": Ditto.

One can implement MIME support without "switching to it". PGP/MIME is
good. PGP/MIME SHOULD be done. ASCII armor MUST be done.

If there is no consensus, surely armour support must not be a MUST, 
but should be a SHOULD. 

Whether armour is MUST or SHOULD, nobody will produce an OPGP 
implementation without armour, IMHO.

If somebody does, the market will decide.

Ng Pheng Siong 

<Prev in Thread] Current Thread [Next in Thread>