8Bit chars in --armor output? GnuPG Bug? (was: Re: [PATCH] use 7bit instead of base64 for application/pgp-keys)

Marc Mutz Marc.Mutz@uni-bielefeld.de
Sun Jul 29 21:10:02 2001 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi!

Sorry to have posted such an incomplete message threat. Actually, the 
discussion was confined to attaching keys. We have menu options for 
that in KMail and so we definitely know what the attachment will 
contain. Currently, we encode the stuff we get back from gnupg/pgp in 
base64. I posted a patch to change that to 7bit, on the assumption that 
armor'ed output did not contain 8but chars. Then:

On Saturday 28 July 2001 09:44, Werner Koch wrote:
<snip>

> The preferred method to encapsulate messages is RFC2015 and not

> OpenPGP armor.

<snip>

Hm, rfc2015 is very sparse w.r.t. how application/pgp-keys should be 
handled/encoded. The _complete_ section reads:

- ---BEGIN---
7.  Distribution of PGP public keys
 
   Content-Type: application/pgp-keys
   Required parameters: none
   Optional parameters: none
 
   This is the content type which should be used for relaying public key
   blocks.
- ---END---

In section 2 we have:

- ---BEGIN---
2.  PGP data formats
 
   PGP can generate either ASCII armor (described in [3]) or 8-bit
   binary output when encrypting data, generating a digital signature,
   or extracting public key data.  The ASCII armor output is the
   REQUIRED method for data transfer.  This allows those users who do
   not have the means to interpret the formats described in this
   document to be able extract and use the PGP information in the
   message.
<snip>
- ---END---

So my argument was that base64-encoding for application/pgp-kys was 
against the sprit of the RFC and we should thus use 7bit instead.

But now we have the problem that header fields for a public key block 
can contain non-us-ascii chars, even though we are using "_ascii_ 
armor"...

Of course, we could use QP encoding, which would be as lightweight as 
7bit in this case, but that encodes (at least) the equal signs that are 
used in armor output, so you still loose the ability to pipe the 
message text through GnuPG/PGP to import the contained key without your 
MUA being MIME-enabled. I think this also is against the spirit of 
rfc2015.

So what shall we do? Use --default-comment?

TIA,
Marc

- -- 
Marc Mutz <Marc@Mutz.com>
http://marc.mutz.com/
http://www.mathematik.uni-bielefeld.de/~mmutz/
http://EncryptionHOWTO.sourceforge.net/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7ZHMm3oWD+L2/6DgRAtl1AKCIKRqzZggLN0QvCOKS3DmBLppN1QCg6UrP
2PuwZ4bzjFon0j9HinDlV60=
=dJUz
-----END PGP SIGNATURE-----