
Re: The case against redundancy and isolation



Jeremey Barrett wrote:
 
> Let me clarify my position a bit. I think MIME is great, and PGP/MIME
> is great. Both are necessary and I even use them from time to time.
> However, I _don't_ use them for most email, by choice, because it
> simply isn't useful.

I think several people have already given good reasons why they are
useful to *them*. Their utility will improve in time, as Dave Crocker
has already said. We *certainly* don't want to have to keep developing
armour in parallel to MIME every time a new feature (e.g. Unicode) is
needed.

> There is an awful lot of utility in ASCII armoring, and it would be
> unfortunate to "standardize" it out of future PGP implementations.
> Especially considering how bloody easy it is to implement, relative
> to PGP/MIME.

Really, you shouldn't have to do much work at all to implement MIME. The
mailer should be able to handle 99% of the encoding. You should be able
to say "Here is some binary data; its MIME type is x" - and that's all
there would be to it.

As Dave said:

> One argument for retaining the separate, PGP-specific mechanisms is that
> they aren't very expensive.  This shows a misunderstanding of the cost of
> having multiple solutions to the same problem.  Each can be incrementally
> cheap, but the combination is a pain and, more importantly, is frequently
> the source of software errors.  Besides that, a single-implementation cost
> that is small is made considerably more expensive when replicated across
> many products.

I occasionally send GIF files to people by e-mail. The only way to do
this is to use a MIME attachment. There aren't specifications for "GIF
armour" anywhere.

> I want to be able to send secure email to people who don't use MIME,
> that is a very useful feature of PGP in the context of email, and I 
> don't see any reason at all to not include ASCII armoring in the draft.
 
I agree. In the appendix is fine.

> Yes, PGP is about security, and requiring PGP users to use MIME mail
> readers does not result in an increase in security. Quite the
> opposite.

Could you please describe to us the security holes in MIME, and why they
are not present in Armour?

Ian