Mailing List Archive

Suggestion for OpenPGP standard update
Hello,

   I was thinking, it's time for the OpenPGP standard to be updated
with a shorter form for the parts of inline messages that indicate a
message is signed and/or encrypted, to make it more useful for signing
and/or encrypting messages on services that limit the number of chars
per message. For example, a lot of Mastodon instances of the ActivityPub
Fediverse, limit message length to 500 chars. It's a lot to give up a
large fraction of the message char length for the following openpgp bits:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

That's 108 characters just for OpenPGP. If that could be abbreviated,
that would save some precious chars for people's actual messages. I
realize that gnupg devels don't own the standard, but have to simply
implement the standard, but I thought you all might be in a position to
advocate such a change with whoever maintains the standard.

So, for example, maybe something like:

--BPSM--
H: SHA512
--BPSG--
--EPSG--

Which reduces the total char count down to 39 chars (of course, not
counting the actual encrypted hash) at least with SHA512 as the hash -
of course, it would be variable length because the hash abbreviation
might be longer or shorter for other hashes.

Sorry if this has been previously discussed on the mailing list - the
list server does not provide a search function, and I couldn't find this
in the gnupg FAQ, or doing a web search for "shorter pgp signature".

It does occur to me another approach would be to attach signatures to
such posts as an .asc file or .sig file, but as that may not always be
an available solution for everyone, it really seems like shortening the
openpgp inline text delimiters could be helpful in a lot of cases.
Re: Suggestion for OpenPGP standard update
Hi Jeff,

I think a more appropriate venue for this type of discussion would be the OpenPGP Mailing List. See https://www.ietf.org/mailman/listinfo/openpgp

Kind regards,
Wiktor



>Hello,
>
>   I was thinking, it's time for the OpenPGP standard to be updated with a shorter form for the parts of inline messages that indicate a message is signed and/or encrypted, to make it more useful for signing and/or encrypting messages on services that limit the number of chars per message. For example, a lot of Mastodon instances of the ActivityPub Fediverse, limit message length to 500 chars. It's a lot to give up a large fraction of the message char length for the following openpgp bits:
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA512
>-----BEGIN PGP SIGNATURE-----
>-----END PGP SIGNATURE-----
>
>That's 108 characters just for OpenPGP. If that could be abbreviated, that would save some precious chars for people's actual messages. I realize that gnupg devels don't own the standard, but have to simply implement the standard, but I thought you all might be in a position to advocate such a change with whoever maintains the standard.
>
>So, for example, maybe something like:
>
>--BPSM--
>H: SHA512
>--BPSG--
>--EPSG--
>
>Which reduces the total char count down to 39 chars (of course, not counting the actual encrypted hash) at least with SHA512 as the hash - of course, it would be variable length because the hash abbreviation might be longer or shorter for other hashes.
>
>Sorry if this has been previously discussed on the mailing list - the list server does not provide a search function, and I couldn't find this in the gnupg FAQ, or doing a web search for "shorter pgp signature".
>
>It does occur to me another approach would be to attach signatures to such posts as an .asc file or .sig file, but as that may not always be an available solution for everyone, it really seems like shortening the openpgp inline text delimiters could be helpful in a lot of cases.
>

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-devel
Re: Suggestion for OpenPGP standard update
Thanks. I will join that list and post there.

On 11/1/2023 4:28 PM, Wiktor Kwapisiewicz wrote:
> Hi Jeff,
>
> I think a more appropriate venue for this type of discussion would be the OpenPGP Mailing List. See https://www.ietf.org/mailman/listinfo/openpgp
>
> Kind regards,
> Wiktor
>
>
>
>> Hello,
>>
>> I was thinking, it's time for the OpenPGP standard to be updated with a shorter form for the parts of inline messages that indicate a message is signed and/or encrypted, to make it more useful for signing and/or encrypting messages on services that limit the number of chars per message. For example, a lot of Mastodon instances of the ActivityPub Fediverse, limit message length to 500 chars. It's a lot to give up a large fraction of the message char length for the following openpgp bits:
>>
>>
>> That's 108 characters just for OpenPGP. If that could be abbreviated, that would save some precious chars for people's actual messages. I realize that gnupg devels don't own the standard, but have to simply implement the standard, but I thought you all might be in a position to advocate such a change with whoever maintains the standard.
>>
>> So, for example, maybe something like:
>>
>> --BPSM--
>> H: SHA512
>> --BPSG--
>> --EPSG--
>>
>> Which reduces the total char count down to 39 chars (of course, not counting the actual encrypted hash) at least with SHA512 as the hash - of course, it would be variable length because the hash abbreviation might be longer or shorter for other hashes.
>>
>> Sorry if this has been previously discussed on the mailing list - the list server does not provide a search function, and I couldn't find this in the gnupg FAQ, or doing a web search for "shorter pgp signature".
>>
>> It does occur to me another approach would be to attach signatures to such posts as an .asc file or .sig file, but as that may not always be an available solution for everyone, it really seems like shortening the openpgp inline text delimiters could be helpful in a lot of cases.
>>
>
Re: Suggestion for OpenPGP standard update
Hi!

On Wed, 1 Nov 2023 13:43, Jeff Schmidt said:

> That's 108 characters just for OpenPGP. If that could be abbreviated,
> that would save some precious chars for people's actual messages. I

It seems you are using a clearsigned signature, which is a legacy method
back from the BBS times.  It still has its use cases but those are
pretty limited.  A better way for a relatively new protocol is to use a
detached signature - either in the MIME format (if MIME is already used
by Mastodon) or by using a custom format like Git does it.  You save a
lot of extra octets and avoid many pitfalls in clearsigned texts.

But yes, this requires some kind of support in Mastodon.

> So, for example, maybe something like:
>
> --BPSM--
> H: SHA512

Mastodon clients may post- and pre-process such messages before they are fed to
gpg.  But I would not suggest this.


Salam-Shalom,

Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
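
The last reply mentions pitfalls in clearsigned texts. As an added example (not from the thread and not GnuPG code), this Python code shows two of them under the cleartext signature framework of RFC 4880 section 7: the bytes that are hashed differ from the text as displayed (dash-escaping, trailing whitespace, CRLF line endings), and anything outside the framing lines is not covered by the signature. The function name `parse_clearsigned` and the sample post are constructed for illustration.

```python
# Added example: separate what a clearsigned post actually signs from what it shows.
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"


def parse_clearsigned(post):
    """Return armor headers, the canonical signed bytes and any unsigned text."""
    lines = post.splitlines()
    start = lines.index(BEGIN_MSG)
    sig = lines.index(BEGIN_SIG)
    end = lines.index(END_SIG)
    blank = lines.index("", start)  # an empty line ends the armor headers
    if not start < blank < sig < end:
        raise ValueError("framing lines missing or out of order")
    headers = lines[start + 1:blank]
    body = []
    for line in lines[blank + 1:sig]:
        if line.startswith("- "):
            line = line[2:]  # undo dash-escaping
        elif line.startswith("-"):
            # Strict check: a bare dash line could be mistaken for framing.
            raise ValueError("unescaped dash line inside signed text")
        body.append(line.rstrip(" \t"))  # trailing whitespace is not signed
    # Canonical form: CRLF between lines, no line ending after the last one.
    signed = "\r\n".join(body).encode("utf-8")
    # Text before or after the framing is displayed but never hashed.
    unsigned = lines[:start] + lines[end + 1:]
    return {"headers": headers, "signed": signed, "unsigned": unsigned}


# Constructed sample post; the signature body is a placeholder, not real data.
SAMPLE = "\n".join([
    "note: text up here is not signed",
    BEGIN_MSG,
    "Hash: SHA512",
    "",
    "Release 1.2 is out.  ",
    "- - fixes the parser",
    BEGIN_SIG,
    "",
    "(placeholder signature data)",
    END_SIG,
    "PS: neither is this",
])

if __name__ == "__main__":
    print(parse_clearsigned(SAMPLE))
```

A detached signature has neither issue: the signed bytes are exactly the payload, and there is no framing inside the text to parse.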