[Top] [All Lists]

Re: [openpgp] "OpenPGP Simple"

2015-03-16 21:05:11
Jon Callas <jon(_at_)callas(_dot_)org> writes:

Certainly the ASCII Armor checksum is something that could go, since we don't
need to worry so much about modem line noise. :-) But you have to know enough
to ignore it.

It's not just the checksum, the entire ASCII armoring should have been
discarded years, no decades, ago.  The whole thing was originally implemented
because facilities like FidoNet and Usenet didn't handle binary messages, and
the checksum was because things like 2400bps modems (pre-MNP) on the DOS PCs
that PGP 1 was written for wouldn't cancel out line noise, so it was useful to
check for inadvertent message corruption before you warned about invalid

The MIME standard (going back to RFC 1341) is over 20 years old and pretty
much everything supports it, but PGP persists with something from even earlier
(PEM, from 1987, that's nearly 30 years ago).  It's not just "a museum of
1990s crypto" (thanks to Matthew Green for the great quote), it's also a
museum of 1980s and 1990s everything-else.  The entire discussion of "ASCII
armour" should have been replaced with "use a mechanism like MIME" years ago.

(Oh, and by "MIME" I mean proper use of MIME, not "wrap PGP-PEM in MIME
headers and pretend it's MIME", RFC 2015/3156).

openpgp mailing list

<Prev in Thread] Current Thread [Next in Thread>