ietf-openpgp

Re: [openpgp] Character encodings

2015-03-17 18:33:16
On Tue, Mar 17, 2015 at 3:44 PM, Jon Callas <jon(_at_)callas(_dot_)org> wrote:

> One of the things that OpenPGP doesn't do very well that needs to be fixed
> is layering.
>
> We have the notion of text versus binary because at one time that kinda
> made sense. Back when FTP was high-tech, you could get better usability by
> knowing that something was text so that you could translate between SIXBIT,
> EBCDIC, RAD50, ASCII, and other codings that only used upper case in their
> names (because lower-case was also high-tech in those days).
>
> We don't have those problems any more. We have slightly different
> problems, but we also have solutions to those. If you want to send a text
> message that has a strange encoding, there are ways to do that. Wyllys
> Ingersoll and others have noted this.
>
> Just get rid of the notion of text. Make it be all binary. Push the
> problem up a layer in the software stack -- they have to deal with it
> anyway, and all OpenPGP can do is make it worse.


+1

It is all just binary blobs for the end-to-end crypto layer.

The biggest mistakes in the Internet are all due to naive attempts to solve
problems for the end user by converting their bits from one format to
another.

Remember when every time you used FTP you had to do every file transfer
twice because the first time you forgot to set the flag to Binary
transport? The main reason email is a problem is that mail gateways do
idiot character transformations like line wrapping and get things wrong.

The layering issue is key. SMTP and HTTP both conflate the application
layer headers and content metadata. These should be separated out. Now it
is too late to do that for regular mail but we can start fixing it for
encrypted.

The content-type, character set, subject line etc. should all be considered
content metadata. In fact From, To, CC should as well because those are not
what SMTP uses to route on; the SMTP values are used.

This also solves the problem of not leaking unnecessary information.


Yes, I understand that using SMTP in its current form will leak information
as well. But there are ways to start fixing that.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp