[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Multiple OpenPGP messages per file: legal or not?

Rachel Willmer wrote:
On 08/10/2007, David Shaw <dshaw@xxxxxxxxxxxxxxx> wrote:
On Sun, Oct 07, 2007 at 11:41:25PM +0100, Rachel Willmer wrote:
If (d) "out of scope", which spec does define file formats?

If the answer is "there isn't one which does", how do we plan to do
interoperability between applications which use the OpenPGP packet
format? e.g. to transfer Encrypted Messages.
I didn't quite mean "out of scope" in that sense.  I meant "the spec
doesn't mandate it or forbid it, so it's up to the implemention to
decide."  As you saw, GPG doesn't do it.

It shouldn't be up to the implementation to decide (IMHO). If the goal
of the WG is "to provide IETF standards for the algorithms and formats
of PGP processed objects", then surely some standard file formats
should be defined [*] : e.g. keyring, encrypted file, signed file,

The architectural imperative here is that the definition has to stop somewhere.

Stopping before the file / message level is a good idea because if you stop after the file level, you also have to define what a file is [*]. I'm sure the theoreticians will describe this more clearly than I .. but files aren't necessarily just a sequence of bytes. Emails aren't necessarily the same as files. Chat messages are different to emails. Who knows what the next innovation in storage or communication will ask of us.

By stopping short of how the sequence of bytes is stored or passed, OpenPGP ensures that it is applicable and interoperable across a wide range of apps ... just by forcing the developers of the apps to agree on a few local details.

Also, files like keyrings are not the subject of interoperability in normal security practice. The app owns its keyring, and it doesn't want to let anyone touch it, it's a bit of a historical accident that the PGP keyring was so easy to share. If there is a need to converse with another app, then they should use an export/import format, and there are well-defined export sequences in the spec, so that the app has a chance to deal with any complications of sharing its internal data.


[*] I'm using "file format" in the loose sense of disk file or file stream.

A spec would not be able to be so conveniently loose ;)