On Mar 16, 2015, at 7:04 PM, Peter Gutmann

> Jon Callas <jon(_at_)callas(_dot_)org> writes:
>
>> Certainly the ASCII Armor checksum is something that could go, since we don't
>> need to worry so much about modem line noise. :-) But you have to know enough
>> to ignore it.
>
> It's not just the checksum, the entire ASCII armoring should have been
> discarded years, no decades, ago. The whole thing was originally implemented
> because facilities like FidoNet and Usenet didn't handle binary messages, and
> the checksum was because things like 2400bps modems (pre-MNP) on the DOS PCs
> that PGP 1 was written for wouldn't cancel out line noise, so it was useful to
> check for inadvertent message corruption before you warned about invalid
>
> The MIME standard (going back to RFC 1341) is over 20 years old and pretty
> much everything supports it, but PGP persists with something from even earlier
> (PEM, from 1987, that's nearly 30 years ago). It's not just "a museum of
> 1990s crypto" (thanks to Matthew Green for the great quote), it's also a
> museum of 1980s and 1990s everything-else. The entire discussion of "ASCII
> armour" should have been replaced with "use a mechanism like MIME" years ago.
> (Oh, and by "MIME" I mean proper use of MIME, not "wrap PGP-PEM in MIME
> headers and pretend it's MIME", RFC 2015/3156).

Maybe not decades.

ASCII armor as it exists now uses the same encoding as MIME for base64, purely
by chance. It is one of the things that makes me least crazy because it’s
mostly standard and actually kinda useful. There are a lot of semantic places
where it’s nice to know that something is an OpenPGP object in human-readable

Something that seems to be forgotten all over the place is that email is
actually one of the least interesting places to use OpenPGP. ASCII armor ends
up being a nice way to encode something so you don’t have to play "guess the

Relatively recently, I was opining to someone that it would be useful to come
up with a JSON encoding for OpenPGP that would give an easy-to-parse thing
that’s not just ASCII armor. But some years ago, I said the same thing but it
was XML, not JSON. And a few years before that, it was S-Expressions, most
recently in SPKI format, and more Common LISP-ish before that even. JSON is
what the cool kids are using this decade, don’t you know.

And *that* is the reason to just stick with ASCII armor.

openpgp mailing list
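
The two armor properties debated in this thread (the body is ordinary base64, and the trailing checksum line is something a reader can verify or skip) can be seen in a short reader and writer. This is an added example, not code from either poster or from any OpenPGP implementation; the function names and the sample payload are constructed for illustration, and the CRC-24 constants are those given in RFC 4880, section 6.1.

```python
import base64

CRC24_INIT = 0xB704CE  # RFC 4880, section 6.1
CRC24_POLY = 0x1864CFB
SAMPLE = bytes(range(100))  # constructed payload, not a real OpenPGP packet


def crc24(data: bytes) -> int:
    """CRC-24 as used for the armor checksum line."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(data: bytes, kind: str = "PGP MESSAGE", with_crc: bool = True) -> str:
    b64 = base64.b64encode(data).decode("ascii")  # same alphabet as MIME base64
    lines = [f"-----BEGIN {kind}-----", ""]
    lines += [b64[i:i + 64] for i in range(0, len(b64), 64)]
    if with_crc:
        crc = crc24(data).to_bytes(3, "big")
        lines.append("=" + base64.b64encode(crc).decode("ascii"))
    lines.append(f"-----END {kind}-----")
    return "\n".join(lines) + "\n"


def dearmor(text: str):
    """Return (kind, data, crc_status); crc_status is 'ok', 'mismatch' or 'absent'."""
    lines = [ln.strip() for ln in text.splitlines()]
    start = next(i for i, ln in enumerate(lines) if ln.startswith("-----BEGIN "))
    kind = lines[start][len("-----BEGIN "):-5]
    end = lines.index(f"-----END {kind}-----", start)
    blank = lines.index("", start, end)  # armor headers stop at the first blank line
    body, stated = [], None
    for ln in lines[blank + 1:end]:
        if ln.startswith("="):  # checksum line: '=' plus base64 of the 3 CRC bytes
            stated = int.from_bytes(base64.b64decode(ln[1:]), "big")
        elif ln:
            body.append(ln)
    data = base64.b64decode("".join(body), validate=True)
    if stated is None:
        return kind, data, "absent"  # this reader accepts armor with no checksum line
    return kind, data, "ok" if stated == crc24(data) else "mismatch"


if __name__ == "__main__":
    print(dearmor(armor(SAMPLE))[2], dearmor(armor(SAMPLE, with_crc=False))[2])
```

The CRC only detects accidental corruption of the armored text; it is unkeyed and gives no integrity guarantee against deliberate modification.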