Re: Outstanding question - rule on cleartext signing last line

David Shaw <dshaw@jabberwocky.com> Mon, 26 December 2005 20:31 UTC

Date: Mon, 26 Dec 2005 15:19:26 -0500
From: David Shaw <dshaw@jabberwocky.com>
To: Ian G <iang@systemics.com>
Cc: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Outstanding question - rule on cleartext signing last line
Message-ID: <20051226201926.GB31051@jabberwocky.com>
Mail-Followup-To: Ian G <iang@systemics.com>, OpenPGP <ietf-openpgp@imc.org>
References: <43980274.2080404@iang.org> <20051208104150.GA14918@epointsystem.org> <43981C74.1070403@systemics.com> <87bqzrhj6i.fsf@wheatstone.g10code.de> <20051208145205.GA5943@jabberwocky.com> <43AFE21B.1000102@algroup.co.uk> <20051226153615.GB7066@jabberwocky.com> <43B0184C.6010505@systemics.com> <20051226163908.GC7066@jabberwocky.com> <43B0285D.2020004@systemics.com>
In-Reply-To: <43B0285D.2020004@systemics.com>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc

On Mon, Dec 26, 2005 at 05:29:01PM +0000, Ian G wrote:
> 
> David Shaw wrote:
> >As far as I can see, the current system is quite reversible.  For
> >example, given a document reading "this is a test" (no line ending,
> >and the last character in the file is the second t from test), here's
> >a clear signature:
> 
> OK, I understand all that.  But you've added
> a new rule:  on signing, always add the extra
> line ending.
> 
> And that's what we want to clarify - I don't
> think the spec says that.  It simply says that
> the last newline is not part of the signature.

Ok, now we're cooking: we agree.  I don't think the spec says that
either.  I am just saying that that behavior is consistent with the
spec, and (I say) a good thing to do, and (to me) follows naturally
from what the spec does say.  That said, GPG doesn't do it, and PGP
(at least the version I have here) does.

Both PGP and GPG are compliant with the spec as written.  If you add
this extra rule to enforce reversibility, GPG will become noncompliant
(fixable, but annoying), and many GPG-created signatures will become
noncompliant (a little more worrisome).

> Can we put that in the spec?  Here's what it
> says:
> 
>     As with binary signatures on text documents, a cleartext signature
>     is calculated on the text using canonical <CR><LF> line endings.
>     The line ending (i.e. the <CR><LF>) before the '-----BEGIN PGP
>     SIGNATURE-----' line that terminates the signed text is not
>     considered part of the signed text.
> 
>     When reversing dash-escaping, an implementation MUST strip the
>     string "- " if it occurs at the beginning of a line, and SHOULD warn
>     on "-" and any character other than a space at the beginning of a
>     line.
> 
>     Also, any trailing whitespace -- spaces (0x20) and tabs (0x09) -- at
>     the end of any line is removed when the cleartext signature is
>     generated.
> 
> Here's what I suggest (changes at ***):
> 
>     As with binary signatures on text documents, a cleartext signature
>     is calculated on the text using canonical <CR><LF> line endings.
>     The line ending (i.e. the <CR><LF>) before the '-----BEGIN PGP
>     SIGNATURE-----' line that terminates the signed text is not
> *** part of the signed document and SHOULD be added by implementations. ***
> 
>     When reversing dash-escaping, an implementation MUST strip the
>     string "- " if it occurs at the beginning of a line, and SHOULD warn
>     on "-" and any character other than a space at the beginning of a
>     line.
> 
>     Also, any trailing whitespace -- spaces (0x20) and tabs (0x09) -- at
>     the end of any line is removed when the cleartext signature is
>     generated.
> 
> How's that?

I have no objection to that.

David
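
The line-ending rule discussed in this message, as an added example that is not part of the original post or of any implementation's code. `frame` and `signed_text` are hypothetical helpers, the `Hash: SHA256` header is a constructed sample, the signature itself is omitted, and `always_add=False` is a constructed contrast policy, not a claim about what GPG or PGP does.

```python
MSG_LINE = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG_LINE = "-----BEGIN PGP SIGNATURE-----"

def frame(document: str, always_add: bool) -> str:
    """Build the cleartext part of a signed message (signature omitted).

    always_add=True : the suggested rule, always append one line ending
                      before the signature line.
    always_add=False: constructed contrast, append one only if the
                      document does not already end with a line ending.
    """
    lines = document.replace("\r\n", "\n").split("\n")
    # Dash-escaping: any line starting with "-" gets a "- " prefix.
    escaped = "\n".join("- " + l if l.startswith("-") else l for l in lines)
    if always_add or not escaped.endswith("\n"):
        escaped += "\n"
    return f"{MSG_LINE}\nHash: SHA256\n\n{escaped}{SIG_LINE}\n"

def signed_text(message: str) -> bytes:
    """Recover the bytes a verifier hashes, following the quoted paragraphs."""
    body = message.replace("\r\n", "\n")
    # The signed text starts after the blank line that ends the armor headers.
    start = body.index("\n\n", body.index(MSG_LINE)) + 2
    # The line ending just before the signature line is not signed text.
    end = body.index("\n" + SIG_LINE, start - 1)
    out = []
    for line in body[start:end].split("\n"):
        if line.startswith("- "):
            line = line[2:]               # reverse dash-escaping
        out.append(line.rstrip(" \t"))    # trailing spaces/tabs are not signed
    return "\r\n".join(out).encode("ascii")  # canonical <CR><LF> endings

if __name__ == "__main__":
    for doc in ("this is a test", "this is a test\n"):
        for policy in (True, False):
            print(repr(doc), policy, signed_text(frame(doc, policy)))
```

With `always_add=True` the two documents hash differently, so a verifier can tell whether the original ended with a line ending; with the contrast policy both produce the same framed message and the distinction is lost.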