Re: Outstanding question - rule on cleartext signing last line
Ian G <iang@systemics.com> Mon, 26 December 2005 17:41 UTC
Date: Mon, 26 Dec 2005 17:29:01 +0000
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
To: David Shaw <dshaw@jabberwocky.com>
Cc: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Outstanding question - rule on cleartext signing last line

David Shaw wrote:

> As far as I can see, the current system is quite reversible.  For
> example, given a document reading "this is a test" (no line ending,
> and the last character in the file is the second t from test), here's
> a clear signature:

OK, I understand all that.  But you've added a new rule: on signing,
always add the extra line ending.  And that's what we want to clarify -
I don't think the spec says that.  It simply says that the last newline
is not part of the signature.

By all means, if that's what we agree on, then we should simply state
that in the spec: always add a newline on signing, always take it off
on reversing (verifying and stripping sig).  I'm happy with that rule -
even though I don't think that's what all implementations do.

> The final CRLF is not part of the document.  If a user/implementation
> wants a final CRLF in there that is part of the document, they need to
> add one.
>
> Think of the "BEGIN PGP SIGNATURE" string as actually being
> "CRLF-----BEGIN PGP SIGNATURE".  It's part of the message structure
> and not part of the signed text.

Right that all makes perfect sense - to me.  Can we put that in the
spec?  Here's what it says:

    As with binary signatures on text documents, a cleartext signature
    is calculated on the text using canonical <CR><LF> line endings.
    The line ending (i.e. the <CR><LF>) before the
    '-----BEGIN PGP SIGNATURE-----' line that terminates the signed
    text is not considered part of the signed text.

    When reversing dash-escaping, an implementation MUST strip the
    string "- " if it occurs at the beginning of a line, and SHOULD
    warn on "-" and any character other than a space at the beginning
    of a line.

    Also, any trailing whitespace -- spaces (0x20) and tabs (0x09) --
    at the end of any line is removed when the cleartext signature is
    generated.

Here's what I suggest (changes at ***):

    As with binary signatures on text documents, a cleartext signature
    is calculated on the text using canonical <CR><LF> line endings.
    The line ending (i.e. the <CR><LF>) before the
    '-----BEGIN PGP SIGNATURE-----' line that terminates the signed
    text is not *** part of the signed document and SHOULD be added by
    implementations. ***

    When reversing dash-escaping, an implementation MUST strip the
    string "- " if it occurs at the beginning of a line, and SHOULD
    warn on "-" and any character other than a space at the beginning
    of a line.

    Also, any trailing whitespace -- spaces (0x20) and tabs (0x09) --
    at the end of any line is removed when the cleartext signature is
    generated.

How's that?

iang
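
Added example, not part of the original message and not taken from any OpenPGP implementation: the framing rule discussed above, in Python. It shows that always adding the line ending before the signature line, and always removing exactly one on verification, gives the verifier the same octets the signer hashed, while a hypothetical signer that reuses the document's own final line ending does not. The function names, the always_add switch and the sample documents are assumptions; armor headers and the signature itself are omitted.

```python
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"

def _lines(text):
    # Accept LF or CRLF input; a final line ending yields a trailing empty line.
    return text.replace("\r\n", "\n").split("\n")

def signed_octets(document):
    """Octets the signature covers: trailing spaces/tabs stripped, CRLF line endings."""
    return "\r\n".join(l.rstrip(" \t") for l in _lines(document)).encode("utf-8")

def frame(document, always_add=True):
    """Signer: dash-escape, then place the line ending that precedes the signature line.

    always_add=True is the rule proposed in the thread. always_add=False models a
    hypothetical signer that reuses the document's own final line ending instead.
    """
    lines = _lines(document)
    if not always_add and len(lines) > 1 and lines[-1] == "":
        lines = lines[:-1]
    escaped = ["- " + l if l.startswith("-") else l for l in lines]
    return "\r\n".join(escaped) + "\r\n" + BEGIN_SIG + "\r\n"

def unframe(framed):
    """Verifier: drop exactly one CRLF before the signature line, undo dash-escaping."""
    body, sep, _ = framed.partition("\r\n" + BEGIN_SIG)
    if not sep:
        raise ValueError("no signature line found")
    return "\n".join(l[2:] if l.startswith("- ") else l for l in body.split("\r\n"))

def round_trips(document, always_add=True):
    """True when the verifier recovers the same octets the signer hashed."""
    return signed_octets(unframe(frame(document, always_add))) == signed_octets(document)

# Constructed sample documents; the first is the one quoted in the thread.
SAMPLES = ["this is a test", "this is a test\n", "- dashed line\n\n", ""]

if __name__ == "__main__":
    for doc in SAMPLES:
        print(repr(doc), round_trips(doc), round_trips(doc, always_add=False))
```

With always_add=False the documents "this is a test" and "this is a test\n" produce identical framed output, so the verifier cannot tell which one was signed.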