Re: New Draft... going forward

[lutz@xxxxxxxxxxxxxxxxxxx (Lutz Donnerhacke)]

* Thomas Roessler wrote:
>Lutz Donnerhacke wrote:
[Allowing direct MIME encoding of the PGP octet stream]

>From RFC 2015:
>   PGP can generate either ASCII armor (described in [3]) or
>   8-bit binary output when encrypting data, generating a
>   digital signature, or extracting public key data.  The ASCII
>   armor output is the REQUIRED method for data transfer.  This
>   allows those users who do not have the means to interpret
>   the formats described in this document to be able extract
>   and use the PGP information in the message.
>
>To me, this sounds reasonable.

Sure, but if software is unable to deal with MIME, the user do have other
problems than PGP. Even RfC 2015 requires MIME compilant software to deal
with digital signatures. So the other part does not harm that much. It is
still possible to pipe a base64 encoded message through a decoder and into
pgp-compilant software. The only difference is, that today pgp messages
without MIME headers must be piped through pgp alone.

In short: Ascii Armor is outdated.

>> 3.1.3 Cleartext signature framework

>PGP 2.6's clear text armor goes a little bit beyond RFC 1113
>which defines the original dash escaped text: Lines beginning
>with the five characters "From " are escaped as well.

Thanx. I'll add it.