Re: [openpgp] "OpenPGP Simple"

Jon Callas <jon@callas.org> Tue, 17 March 2015 06:49 UTC


> On Mar 16, 2015, at 7:04 PM, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
> 
> Jon Callas <jon@callas.org> writes:
> 
>> Certainly the ASCII Armor checksum is something that could go, since we don't
>> need to worry so much about modem line noise. :-) But you have to know enough
>> to ignore it.
> 
> It's not just the checksum, the entire ASCII armoring should have been
> discarded years, no decades, ago.  The whole thing was originally implemented
> because facilities like FidoNet and Usenet didn't handle binary messages, and
> the checksum was because things like 2400bps modems (pre-MNP) on the DOS PCs
> that PGP 1 was written for wouldn't cancel out line noise, so it was useful to
> check for inadvertent message corruption before you warned about invalid
> signatures.
> 
> The MIME standard (going back to RFC 1341) is over 20 years old and pretty
> much everything supports it, but PGP persists with something from even earlier
> (PEM, from 1987, that's nearly 30 years ago).  It's not just "a museum of
> 1990s crypto" (thanks to Matthew Green for the great quote), it's also a
> museum of 1980s and 1990s everything-else.  The entire discussion of "ASCII
> armour" should have been replaced with "use a mechanism like MIME" years ago.
> 
> (Oh, and by "MIME" I mean proper use of MIME, not "wrap PGP-PEM in MIME
> headers and pretend it's MIME", RFC 2015/3156).
> 

Maybe not decades.

ASCII armor as it exists now uses the same encoding as MIME for base64, purely by chance. It is one of the things that makes me least crazy because it’s mostly standard and actually kinda useful. There are a lot of semantic places where it’s nice to know that something is an OpenPGP object in human-readable form.

Something that seems to be forgotten all over the place is that email is actually one of the least interesting places to use OpenPGP. ASCII armor ends up being a nice way to encode something so you don’t have to play "guess the binary format."

Relatively recently, I was opining to someone that it would be useful to come up with a JSON encoding for OpenPGP that would give an easy-to-parse thing that’s not just ASCII armor. But some years ago, I said the same thing but it was XML, not JSON. And a few years before that, it was S-Expressions, most recently in SPKI format, and more Common LISP-ish before that even. JSON is what the cool kids are using this decade, don’t you know.

And *that* is the reason to just stick with ASCII armor.

	Jon
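
An added example, not part of the original message: a minimal Python reader for the ASCII armor discussed in this thread. It decodes the body with the ordinary MIME base64 decoder and treats the CRC-24 line as optional, reporting `ok`, `absent` or `mismatch`. The function names and the sample payload are constructed for illustration; the CRC-24 constants are those given in RFC 4880, section 6.1.

```python
import base64

CRC24_INIT = 0xB704CE   # RFC 4880, section 6.1
CRC24_POLY = 0x1864CFB

def crc24(data: bytes) -> int:
    """CRC-24 as used for the armor checksum line."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(data: bytes, label: str = "PGP MESSAGE", with_crc: bool = True) -> str:
    """Wrap raw bytes in armor; the body is plain MIME base64, 64 chars per line."""
    b64 = base64.b64encode(data).decode("ascii")
    lines = [f"-----BEGIN {label}-----", ""]
    lines += [b64[i:i + 64] for i in range(0, len(b64), 64)]
    if with_crc:
        lines.append("=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii"))
    lines.append(f"-----END {label}-----")
    return "\n".join(lines) + "\n"

def dearmor(text: str):
    """Return (label, data, crc_status); crc_status is 'ok', 'absent' or 'mismatch'."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    head, tail = lines[0], lines[-1]
    if not (head.startswith("-----BEGIN ") and head.endswith("-----")):
        raise ValueError("no armor header line")
    label = head[len("-----BEGIN "):-5]
    if tail != f"-----END {label}-----":
        raise ValueError("armor tail does not match header")
    body = lines[1:-1]
    if "" not in body:
        raise ValueError("missing blank line after armor headers")
    body = body[body.index("") + 1:]          # skip "Key: value" armor headers
    stored = None
    # A 5-character line starting with '=' can only be the checksum, never data.
    if body and len(body[-1]) == 5 and body[-1].startswith("="):
        stored = int.from_bytes(base64.b64decode(body.pop()[1:], validate=True), "big")
    data = base64.b64decode("".join(body), validate=True)
    if stored is None:
        return label, data, "absent"          # reader knows enough to ignore it
    return label, data, "ok" if stored == crc24(data) else "mismatch"

# Constructed sample input; these bytes are not a real OpenPGP packet.
SAMPLE = b"constructed sample payload, not a real OpenPGP packet " * 3
```

A `mismatch` here only signals accidental corruption of the armored text; the checksum is unkeyed and gives no protection against deliberate modification, which is what the signature is for.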