ietf-822

Re: Format=Flowed/RFC 2646 Bis (-02)

2003-11-03 11:59:44

Randall Gellens <randy(_at_)qualcomm(_dot_)com> writes:

An updated draft which is intended to replace RFC 2646 has been sent
in; because of the crush of last-minute submissions, there may be a
delay before the announcement appears.  During this time it is
available at
<ftp://ftp.pensive.org/Public/Randy/draft-gellens-format-bis-02.txt>.

This version reflects comments received during IETF Last Call.

The changes from the -01 version are a discussion of OpenPGP's
stripping of trailing whitespace before calculating the signature,
mention of Unicode Annex 14, and some text clean-ups/clarifications.

Thanks for adding the OpenPGP discussion.  Given the subtleness of the
issue, I believe the document should not only mention it, but also
give normative advice on how the combination of OpenPGP and
format=flowed is to be implemented.  Otherwise implementors will
ignore the problem, as they do today.

When I look at how to properly implement both OpenPGP and
format=flowed, I can't come to any other conclusion than that security
is more important than maintaining soft paragraph breaks.  That means
a client should not flow OpenPGP signed data, when it presents the
outcome as something that OpenPGP guarantees is what the sender sent.
If the client would flow a message, someone in transit may modify the
rendering of a message without being detected by OpenPGP.

Repeating the text from RFC 2440, saying that PGP/MIME aka RFC 3156
SHOULD be used in messaging applications, may be sufficient.  Perhaps
promote it to MUST within the scope of flowed messages.

Thanks,
Simon
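
The interaction discussed in this message, as an added example that is not part of the original e-mail or of either draft: cleartext-signature canonicalization (RFC 2440, section 7.1) ignores trailing whitespace, while a format=flowed receiver treats a trailing space as a soft line break. All function names and the sample text are constructed for illustration, SHA-256 stands in for the signature's hash, and the flowed renderer is simplified (no quote-depth handling).

```python
import hashlib

def _lines(body):
    return body.replace("\r\n", "\n").split("\n")

def signed_view(body):
    """Text a cleartext signature covers (RFC 2440, section 7.1): trailing
    spaces and tabs are dropped from each line, line ends become CRLF."""
    return "\r\n".join(l.rstrip(" \t") for l in _lines(body)).encode("utf-8")

def signed_digest(body):
    # SHA-256 stands in for the hash an OpenPGP signature is computed over.
    return hashlib.sha256(signed_view(body)).hexdigest()

def render_flowed(body):
    """Simplified RFC 2646 receiver: a line ending in a space is a soft
    break and is joined to the next line. Quote depth is not handled."""
    paragraphs, current = [], ""
    for line in _lines(body):
        if line.startswith(" "):                  # undo space-stuffing
            line = line[1:]
        if line.endswith(" ") and line != "-- ":  # flowed, not sig separator
            current += line
        else:                                     # fixed line closes paragraph
            paragraphs.append(current + line)
            current = ""
    if current:
        paragraphs.append(current.rstrip(" "))
    return paragraphs

def soft_break_lines(body):
    """1-based numbers of lines carrying trailing whitespace, which the
    signed view ignores."""
    return [n for n, l in enumerate(_lines(body), 1) if l != l.rstrip(" \t")]

def render_unflowed(body):
    """Display exactly the signed view: one output line per signed line."""
    return signed_view(body).decode("utf-8").split("\r\n")

# Constructed samples: the second differs only in trailing spaces.
SENT = "Items approved:\n- laptop\n- monitor"
ALTERED = "Items approved: \n- laptop \n- monitor"

if __name__ == "__main__":
    print(signed_digest(SENT) == signed_digest(ALTERED))
    print(render_flowed(SENT))
    print(render_flowed(ALTERED))
    print(soft_break_lines(ALTERED), render_unflowed(ALTERED))
```

A client that displays `render_unflowed` output for verified cleartext-signed text shows only what the signature covers; `soft_break_lines` gives it a way to report that the received body carried whitespace outside the signed view.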

