[openpgp] OpenPGP Armor Message specification

Guillem Jover <guillem@hadrons.org> Fri, 18 September 2015 16:25 UTC

Hi!

As I mentioned to Werner and Daniel at DebConf 15, I think the
specification of the OpenPGP Armor Messages has some unclear parts,
which I think were part of the reason for several security issues
in multiple projects due to mismatched parsing of Armor Header Lines.

  <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695919>
  <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695932>
  <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696230>
  <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696234>
  <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704613>

Here are some things that would be good to clarify in RFC4880:

* In §6.2 there's no explicit definition of what ASCII characters are
  to be considered whitespace (contrast that with §7.1). In this case
  GnuPG considers whitespace to be «SPACE 0x20, HT 0x09 and CR 0x0D»
  and now most tools in Debian do too. I don't know if that matches
  with PGP for example.

* In §7, mention that this is a specific instance of §6.2?

* In §7, probably clarify that by «empty» in:
  «- Exactly one empty line not included into the message digest,»
  it means «blank» as in §6.2:
  «- A blank (zero-length, or containing only whitespace) line»

Thanks,
Guillem
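
Added example (not part of the original message, and not code from GnuPG or any Debian tool): the following Python shows how the §7 "empty" reading and the §6.2 "blank" reading can put the end of the Armor Headers at different lines of the same cleartext-signed input, and a strict splitter that rejects input on which the two readings disagree. The whitespace set is the one quoted in the message; the function names and the sample inputs are constructed for illustration.

```python
# Added example; names and sample inputs are constructed for illustration.
GNUPG_WS = " \t\r"   # SPACE 0x20, HT 0x09, CR 0x0D, as quoted in the message
EMPTY_ONLY = ""      # literal reading of "empty": zero-length lines only


def is_blank(line, ws):
    """True if the line is zero-length or made up only of characters in ws."""
    return all(c in ws for c in line)


def split_armor_headers(text, ws=GNUPG_WS):
    """Split the lines after the first '-----BEGIN ' line at the first
    blank line and return (armor_headers, body_lines)."""
    lines = text.split("\n")
    start = next((i for i, l in enumerate(lines)
                  if l.startswith("-----BEGIN ")), None)
    if start is None:
        raise ValueError("no armor header line")
    for i in range(start + 1, len(lines)):
        if is_blank(lines[i], ws):
            return lines[start + 1:i], lines[i + 1:]
    raise ValueError("no blank line terminating the armor headers")


def strict_split(text):
    """Refuse input whose header/body boundary depends on the reading."""
    blank = split_armor_headers(text, GNUPG_WS)
    empty = split_armor_headers(text, EMPTY_ONLY)
    if blank != empty:
        raise ValueError("header/body boundary is ambiguous")
    return blank


# Constructed input: line 3 holds only SPACE, HT and CR.
SAMPLE = ("-----BEGIN PGP SIGNED MESSAGE-----\n"
          "Hash: SHA256\n"
          " \t\r\n"
          "first line\n"
          "\n"
          "second line\n")
# Constructed input with a zero-length separator: both readings agree.
CLEAN = "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nfirst line\n"

if __name__ == "__main__":
    print(split_armor_headers(SAMPLE, GNUPG_WS))    # body starts at "first line"
    print(split_armor_headers(SAMPLE, EMPTY_ONLY))  # body starts at "second line"
    print(strict_split(CLEAN))
```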