Discussion:
[openpgp] Alternative to Base64
Phillip Hallam-Baker
2016-07-18 18:49:03 UTC
Permalink
As we discussed after the meeting,

* Yes Base64 sucks

* Yes alleged 'binary' transport SMTP also sucketh because dimwits insert
CRLFs to wrap lines.

There is an alternative that could be used, yenc is widely implemented on
USENET.

http://www.yenc.org/yenc-draft.1.3.txt :

1. Fetch a character from the input stream.
2. Increment the character's ASCII value by 42, modulo 256
3. If the result is a critical character (as defined in the previous
section), write the escape character to the output stream and increment
character's ASCII value by 64, modulo 256.
4. Output the character to the output stream.
5. Repeat from start.

Critical characters include the following:

ASCII 00h (NULL)
ASCII 0Ah (LF)
ASCII 0Dh (CR)
ASCII 3Dh (=)


It ain't perfect but it is about 98% efficient and we need not
necessarily do that exact scheme.
Stephen Paul Weber
2016-07-18 21:09:40 UTC
Permalink
_______________________________________________
openpgp mailing list
***@ietf.org
https://www.ietf.org/mailman/listinfo/openpgp
brian m. carlson
2016-07-18 23:21:35 UTC
Permalink
Post by Phillip Hallam-Baker
As we discussed after the meeting,
* Yes Base64 sucks
* Yes alleged 'binary' transport SMTP also sucketh because dimwits insert
CRLFs to wrap lines.
There is an alternative that could be used, yenc is widely implemented on
USENET.
1. Fetch a character from the input stream.
2. Increment the character's ASCII value by 42, modulo 256
3. If the result is a critical character (as defined in the previous
section), write the escape character to the output stream and increment
character's ASCII value by 64, modulo 256.
4. Output the character to the output stream.
5. Repeat from start.
ASCII 00h (NULL)
ASCII 0Ah (LF)
ASCII 0Dh (CR)
ASCII 3Dh (=)
It ain't perfect but it is about 98% efficient and we need not
necessarily do that exact scheme.
I would like to point out a use case we may not have considered:
clearsigned hash files. It's very common for people to create files
that are the output of sha256sum or sha512sum and clearsign them, so
that everything's in one file. This requires something that is
text-friendly and won't send escape sequences to the terminal. yEnc
isn't that.

People also copy and paste ASCII-armored detached signatures and
clearsigned messages. I work in an industry where my sole access to fix
customer machines is via an SSH terminal session; no SFTP or SCP is
allowed. Anything that isn't text-friendly has to be base64 encoded.

I agree, Base64 sucks in a lot of ways, but people already are going to
have to implement the Radix-64 format for backwards compatibility. Even
if we exclude it from the spec, people are still going to use it because
it meets their needs. We might as well accept that and move on.
--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: https://keybase.io/bk2204
Mark D. Baushke
2016-07-19 14:58:53 UTC
Permalink
Cutting and pasting text is not always going to do what you want.

I will note that some 'helpful' programs (including some Mail User
Agents) may transcode character strings. For example, the two characters
'--' UTF-8 (hex) 0x2d 0x2d get transcoded as EM DASH (U+2014) or UTF-8
(hex) 0xe2 0x80 0x94. Or three . (dot) as HORIZONTAL ELLIPSIS (U+2026)
UTF-8 (hex) 0xe2 0x80 0xa6. Then there are the smart single and double
quotes to consider.

So, I tend to agree that base64 is needful.

-- Mark

Loading...