[Top] [All Lists]

Re: [openpgp] "OpenPGP Simple"

2015-03-17 02:03:19
I have repeatedly found it useful, even in recent times, to cut/paste
ASCII-armored messages on my mobile. Am I a Neanderthal?
On Mar 17, 2015 3:05 PM, "Peter Gutmann" 
<pgut001(_at_)cs(_dot_)auckland(_dot_)ac(_dot_)nz> wrote:

Jon Callas <jon(_at_)callas(_dot_)org> writes:

Certainly the ASCII Armor checksum is something that could go, since we
need to worry so much about modem line noise. :-) But you have to know
to ignore it.

It's not just the checksum, the entire ASCII armoring should have been
discarded years, no decades, ago.  The whole thing was originally
because facilities like FidoNet and Usenet didn't handle binary messages,
the checksum was because things like 2400bps modems (pre-MNP) on the DOS
that PGP 1 was written for wouldn't cancel out line noise, so it was
useful to
check for inadvertent message corruption before you warned about invalid

The MIME standard (going back to RFC 1341) is over 20 years old and pretty
much everything supports it, but PGP persists with something from even
(PEM, from 1987, that's nearly 30 years ago).  It's not just "a museum of
1990s crypto" (thanks to Matthew Green for the great quote), it's also a
museum of 1980s and 1990s everything-else.  The entire discussion of "ASCII
armour" should have been replaced with "use a mechanism like MIME" years

(Oh, and by "MIME" I mean proper use of MIME, not "wrap PGP-PEM in MIME
headers and pretend it's MIME", RFC 2015/3156).

openpgp mailing list

openpgp mailing list
<Prev in Thread] Current Thread [Next in Thread>