ietf-openpgp

Re: PGP/MIME implementors: text mode vs. binary mode?

2001-02-14 01:30:39
On 2001-02-13 15:59:37 -0800, hal(_at_)finney(_dot_)org wrote:

> Isn't the real, operational issue here a question of whether
> trailing white space should be hashed?  The choices are to say
> yes, or no, or it depends on the type byte in the signature.
>
> I can't help thinking that the distinction between text and
> binary mode is not that useful in solving this problem.  Let's
> not get hung up on the specification incompatibility between PGP
> 2.X and OpenPGP.
>
> The real question is whether to hash trailing whitespace or not.
> One way to help decide this is to look at how existing
> implementations do it.

Maybe.  With mutt, it currently depends on the PGP back-end used,
which is invoked as an external program.  However, we don't have
lots of problems with trailing whitespace in practice, because it's
avoided unless someone sets a certain shoot-yourself-into-the-foot
option.

> I can tell you that on message receipt, the commercial versions
> of PGP from Network Associates DO hash trailing whitespace on
> PGP/MIME messages. That is, they are sensitive to the presence of
> trailing whitespace and it is included in the hash.  This is true
> regardless of whether the signature type byte is text or binary
> mode.  That may or may not be compatible with the spec but that
> is how these versions work.

This means that you are interoperable with anyone else using pgp2 or
pgp5 as the back-end, but it also means that you are not
interoperable with people using pgp6 or gnupg as their back-ends, as
soon as trailing whitespace is involved.

To make things more interesting, people won't be able to just
decompose a PGP/MIME message and verify the signature as a "detached
signature" like they should be able to do - at least not if they use
the same version of PGP which verifies the signature nicely in their
MUA.

Oh well...


Since interoperability is an illusion anyway with respect to t.w.,
and things seem to work despite this, we should most likely really
just say that implementations MUST NOT feed any t.w. to the signer.

(Note that, in this case, your PGP/MIME code would just notice when
tw is added to a message, regardless of the signature type used.
It's really just a restriction on the sending end to help different
verifiers to produce consistent results.)

-- 
Thomas Roessler                     <roessler(_at_)does-not-exist(_dot_)org>
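
The sender-side restriction discussed in this message, as an added example that is not part of the original post or of any PGP implementation: two modelled back-ends, one hashing trailing whitespace and one stripping it, disagree only when a line ends in a space or tab, and a pre-signing check rejects such bodies. The function names, the sample bodies and the use of plain SHA-256 over the body (instead of the full OpenPGP signature hash) are assumptions made for illustration.

```python
import hashlib

# Constructed sample bodies (not taken from the thread): same text, one with
# a space and a tab left at the end of a line.
CLEAN = b"Content-Type: text/plain\r\n\r\nHello world\r\nBye\r\n"
DIRTY = b"Content-Type: text/plain\r\n\r\nHello world \t\r\nBye\r\n"

def _lines(body):
    # Split on LF after folding CRLF, so both line-ending styles compare equal.
    return body.replace(b"\r\n", b"\n").split(b"\n")

def hash_keeping_tw(body):
    """Model of a back-end that includes trailing whitespace in the hash."""
    return hashlib.sha256(b"\r\n".join(_lines(body))).hexdigest()

def hash_stripping_tw(body):
    """Model of a back-end that drops trailing spaces/tabs before hashing."""
    stripped = [l.rstrip(b" \t") for l in _lines(body)]
    return hashlib.sha256(b"\r\n".join(stripped)).hexdigest()

def lines_with_tw(body):
    """1-based numbers of lines that end in a space or tab."""
    return [n for n, l in enumerate(_lines(body), 1) if l != l.rstrip(b" \t")]

def backends_agree(body):
    """True when both modelled back-ends compute the same digest."""
    return hash_keeping_tw(body) == hash_stripping_tw(body)

def check_before_signing(body):
    """Sender-side gate: refuse to hand a body with t.w. to the signer."""
    bad = lines_with_tw(body)
    if bad:
        raise ValueError("trailing whitespace on line(s) %s" % bad)
    return body

if __name__ == "__main__":
    for name, body in (("clean", CLEAN), ("dirty", DIRTY)):
        print(name, "tw lines:", lines_with_tw(body),
              "back-ends agree:", backends_agree(body))
```
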