Re: [openpgp] OpenPGP Armor Message specification

Guillem Jover <guillem@hadrons.org> Sat, 12 August 2017 18:57 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/ldyRAssY9hdPp5HfnDlJ9Eu6mNY>

Hi!

On Mon, 2015-10-19 at 18:52:13 +0200, Guillem Jover wrote:
> On Fri, 2015-09-18 at 18:24:58 +0200, Guillem Jover wrote:
> > As I mentioned to Werner and Daniel at DebConf 15, I think the
> > specification of the OpenPGP Armor Messages has some unclear parts,
> > which I think were part of the reason for several security issues
> > in multiple projects due to mismatched parsing of Armor Header Lines.
> > 
> >   <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695919>
> >   <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695932>
> >   <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696230>
> >   <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696234>
> >   <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704613>
> > 
> > Here are some things that would be good to clarify in RFC4880:
> > 
> > * In §6.2 there's no explicit definition of what ASCII characters are
> >   to be considered whitespace (contrast that with §7.1). In this case
> >   GnuPG considers whitespace to be «SPACE 0x20, HT 0x09 and CR 0x0D»
> >   and now most tools in Debian do too. I don't know if that matches
> >   with PGP for example.
> > 
> > * In §7, mention that this is a specific instance of §6.2?
> > 
> > * In §7, probably clarify that by «empty» in:
> >   «- Exactly one empty line not included into the message digest,»
> >   it means «blank» as in §6.2:
> >   «- A blank (zero-length, or containing only whitespace) line»
> 
> Ok, how about something along the lines of the attached patch against
> RFC4880bis?
> 
> Although maybe it would be better to define "whitespace" just once
> instead of inlining it in several places.

I've fixed a couple of typos, and have now opened a merge request
<https://gitlab.com/openpgp-wg/rfc4880bis/merge_requests/6>.

Thanks,
Guillem
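
Added example, not part of the original message or of any project's code: a minimal sketch of the parsing mismatch discussed in the thread, splitting a cleartext-signed message under both readings of the separator line («empty» as zero-length versus «blank» with the whitespace set the message attributes to GnuPG) and rejecting input where the two disagree. The function names and the sample message are constructed for illustration; dash-escaping and signature verification are out of scope.

```python
# Added illustration; helper names are hypothetical and the sample is constructed.
GNUPG_WS = " \t\r"  # SPACE 0x20, HT 0x09, CR 0x0D, per the message above
BEGIN = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG_BEGIN = "-----BEGIN PGP SIGNATURE-----"

def is_separator(line, blank_ok):
    """Does this line end the armor headers under the chosen reading?"""
    if blank_ok:                      # "blank": zero-length or only whitespace
        return line.strip(GNUPG_WS) == ""
    return line == ""                 # "empty": zero-length only

def split_cleartext(text, blank_ok):
    """Return (armor_headers, signed_lines) for an LF-terminated message."""
    lines = text.split("\n")
    if lines[0].rstrip(GNUPG_WS) != BEGIN:
        raise ValueError("not a cleartext signed message")
    for sep, line in enumerate(lines[1:], 1):
        if is_separator(line, blank_ok):
            break
    else:
        raise ValueError("no header/body separator line")
    try:
        end = lines.index(SIG_BEGIN, sep + 1)
    except ValueError:
        raise ValueError("no signature block after the separator") from None
    return lines[1:sep], lines[sep + 1:end]

def check_unambiguous(text):
    """Accept only input on which both readings agree about what is signed."""
    strict = split_cleartext(text, blank_ok=False)
    lenient = split_cleartext(text, blank_ok=True)
    if strict != lenient:
        raise ValueError("separator is whitespace-only: parsers may disagree "
                         "on which lines are headers and which are signed text")
    return lenient

# Constructed sample: the first candidate separator is SPACE + HT, not zero-length.
SAMPLE = "\n".join([
    BEGIN, "Hash: SHA256", " \t", "first body line", "", "second body line",
    SIG_BEGIN, "(constructed placeholder, not a real signature)",
    "-----END PGP SIGNATURE-----", ""])

if __name__ == "__main__":
    for blank_ok in (False, True):
        headers, body = split_cleartext(SAMPLE, blank_ok)
        print("blank_ok=%s headers=%r body=%r" % (blank_ok, headers, body))
```

A tool that displays or extracts the signed text with one reading while the verifier uses the other is exposed to exactly this mismatch; refusing ambiguous input sidesteps it.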