Mailing List Archive

On Tue, Feb 08, 2000 at 05:09:25PM +0900, sen_ml@eccosys.com (sen_ml@eccosys.com) wrote:
>
> if there is no method of dealing w/ this intelligently, i think some
> mechanism should be designed.
>
> i would like to hear the opinions of other users of gnupg/pgp as well.

Several friends and I were debating the other day about the gains and losses that would be imposed if the entire Sendmail-based email system as we know it were scrapped for an XML-based system. This is purely hypothetical, as a complete replacement of the entire Internet email infrastructure as we know it is practically impossible, but I would categorize this solution to your problem as one of the benefits of switching to an XML-based email format.

Example:

<?xml version="1.0"?>
<email><body subject="Catching Up"><greeting>Dear <recipient address="mom@aol.com">mom</recipient>,</greeting>

<para>Things are going well here. How are you?</para>

<signature>Love, <sender address="bob@vanitydomain.com">Your Son</sender></signature>
</body>
</email>

This example shows how header information (including the subject line) could be used within the content and extracted with any of the popular Free xml parsers available.

Another example shows how header information could be abstracted from the content:

<?xml version="1.0"?>
<email>
<recipient address="mom@aol.com"/>
<sender address="bob@vanitydomain.com"/>
<body subject="Catching Up">
Dear Mom,

Things are going well here. How are you?

Love,
Your Son
</body>
</email>

Now, add encryption: say instead of using arbitrary ---- BOBS ENCRYPTION EMPORIUM ENCRYPTED MESSAGE FOLLOWS ----- tags, like PGP and GPG do, an encryption program would only have to read text between user-selectable tags and add tags of its own:

...
<email>
<recipient address="mom@aol.com"/>
<sender address="bob@vanitydomain.com"/>
<encrypt>
<body subject="Catching Up">
Dear Mom,
...
</body></encrypt></email>

Note that by choosing to put the "encrypt" tags around the part of the message with the subject specified, the subject would be encrypted with the rest of the message when the time comes to convert to cyphertext. However, since it is still specified in machine-parsable XML tags, when the secret key is used to decrypt the content of the <encrypt> tags, it can still be rendered as part of the MUA header info if the user desires.

Obviously, this level of flexibility means it'd be easy for people to write email that utterly breaks the transport system; for example, what if the user chose to encrypt everything within the <email> elements? The recipient and sender addresses would be encrypted also and the MTA's would never be able to deliver it. This seems to be more of a problem for MUA developers, though, rather than with the concept as a whole. Those of us who understand XML and would probably prefer to write it by hand would simply have to be careful to exclude transmission attributes from the <encrypt> elements.

XML's greatest feature, I would say, is its ability to be parsed meaningfully by machines as well as humans. This would make it well-suited to digital signing, too:

<signed>Message text blah blah blah including markup like <subject>this is the subject</subject> blah blah blah</signed>
<signature>ghlasj;dfklaertoainsertcyphertextherentmr,ewhuopashjldnbt</signature>

...and if the mail user agent understands the specified DTD (which could be different for PGP 2, PGP 5, GPG, and Proprietary Encryption Software #273, thus making incompatibilities irrelevant) it could do neat tricks like hide the ugly signature cyphertext but display the contents of the <signed> tags in black if the signature is valid and red with a warning dialog box if it isn't.

Once again, this is all purely hypothetical and even a bit oversimplified, but selecting which parts of email documents get treated which ways by which mail agents seems to be a task that the flexible, hierarchical Extensible Markup Language would excel at.

This message has contained YASXMLT (yet another stupid XML trick).
--

Everything on television is fake.
----------------------------------------------------------------------------
sungod@atdot.org

sungod <sungod@atdot.org> writes:

> Once again, this is all purely hypothetical and even a bit
> oversimplified, but selecting which parts of email documents get
> treated which ways by which mail agents seems to be a task that the
> flexible, hierarchical Extensible Markup Language would excel at.

I see only one functional benefit you would get over using MIME,
signing and encrypting headers in a natural way. Other than that,
everything you mentioned can be done _now_. It's just done in a more
verbose way.

So, what else would you gain from this? You'd suddenly need to add an
XML parser to every program which touched email. And I don't know how
many OSes come with an XML parsing library, so you'd end up having
multiple ones being installed and in memory on any given computer.
Sounds like a terrible cost if you aren't going to get much out of it.

--
Alan Shutko <ats@acm.org> - In a variety of flavors!
Never underestimate the power of human stupidity.

Sungod, sorry for the e-mail. Should've gone to the list.

sungod wrote:

> On Tue, Feb 08, 2000 at 05:09:25PM +0900, sen_ml@eccosys.com (sen_ml@eccosys.com) wrote:
> >
> > if there is no method of dealing w/ this intelligently, i
> > think some mechanism should be designed.
> >
> > i would like to hear the opinions of other users of gnupg/pgp as well.
>
> Several friends and I were debating the other day about the gains and losses that would be imposed if the entire Sendmail-based email system as we know it were scrapped for an XML-based system. This is purely hypothetical, as a complete replacement of the entire Internet email infrastructure as we know it is practically impossible, (techish snipped)

Would it? It would take a lot of time, yes, but I don't see it as
impossible. Alternative means of communication are indeed capable of
gaining acceptance (see ICQ, which is proprietary and doesn't cover
everything conventional e-mail does). A well-though-out system like the
one you described, capable of sender authentication, nonrefutation, spam
protection, powerful formatting, seamless encryption/signing etc etc
etc... could very well be built up and thrust upon the unsuspecting
public. If it does everything e-mail does, I'd bet in 5 years SMTP would
go the way of typewriters.

Utopian regards
Juan

hah, i've never heard of an rfc for an rfc before!

that said, i think that it's a good idea to develop some sort of
subject system.

-jon

--
Jon Nathan
jon@blading.com
http://www.rupture.net/~jon/


On Wed, 9 Feb 2000 sen_ml@eccosys.com wrote:

[..]

> is there a recommended way of proceeding to create a rfc for this (or
> have it attached to an existing one)?

On Tue, 8 Feb 2000, Jon Nathan wrote:

> hah, i've never heard of an rfc for an rfc before!
>
> that said, i think that it's a good idea to develop some sort of
> subject system.

But before that his MUA wrote:

> In-Reply-To: <20000209103020L.1000@eccosys.com>
> Message-ID: <Pine.LNX.4.20.0002082119590.31781-100000@hal.rupture.net>

There you go! Now instead of forcing MUA maintainers to accept a new
threading standard, the problem is reduced to forcing them to support the
one that's already out there.

This threading discussion should probably go elsewhere....

--
Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu
"Where's the kaboom? There was supposed to be an Earth-shattering kaboom!"
-- Marvin Martian, 01/01/2000 00:00:00