ietf-822

Re: Format=Flowed/RFC 2646 Bis (-02)

2003-11-17 10:15:26

In <iluk762tygh(_dot_)fsf(_at_)latte(_dot_)josefsson(_dot_)org> Simon Josefsson 
<simon+ietf-822(_at_)josefsson(_dot_)org> writes:

> I agree with you that it isn't right, but it is what the draft says.
> That's my point.  The text was quoted in my reply, but here is the
> text again:
>
> 5.6.  Digital Signatures and Encryption
>
>    If a message is digitally signed or encrypted it is important that
>    cryptographic processing use the on-the-wire Format=Flowed format.
>    That is, during generation the message SHOULD be prepared for
>    transmission, including addition of soft line breaks,
>    space-stuffing, and [Quoted-Printable] encoding (to protect soft
>    line breaks) before being digitally signed or encrypted; similarly,
>    on receipt the message SHOULD have the signature verified or be
>    decrypted before [Quoted-Printable] decoding and removal of stuffed
>    spaces, soft line breaks and quote marks, and reflowing.
>
> The text says that MUAs SHOULD do things differently from what you
> describe.

Yes. It is clear that the text in the present draft is plain wrong; but I
had been reading it as indicating the use of PGP/MIME, and if you add a
few words about PGP/MIME to it, then it makes sense again.

> FWIW, your approach has the security problem that started this thread;
> it makes it possible for someone to in transit add trailing SPC to the
> PGP message, and add a format=flowed tag to the headers, without being
> detected.

I don't think that is all that important. There is not much you can do by
way of malicious alteration to a message if all you can do is to change
where the line breaks are perceived to be. Yes, it would be better to
ensure all the trailing spaces get included in the signature, and hence
PGP/MIME is strongly to be recommended. But people are undoubtedly going
to try to use inline PGP whatever we say, in which case a warning of its
limitations is all that is needed in the document.

> I haven't seen a way to support both inline PGP and format=flowed
> without creating one problem or another.

Well, one possibility is to turn off textmode before signing (but people on
Unix systems will then have to edit in explicit CRs first). The bad news
is that all PGP systems turn off clearsigning when textmode is off.

Here is a signed text with some trailing whitespace in it (and it will be
proof against systems that munge WS too).

But it is not much use to those who are not pgp-aware :-( .

>> 2. Use RFC 3156 (PGP/MIME).
>
> Right.  This is what I believe should be used instead.

Indeed so.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133   Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, 
CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
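As an added illustration (my own code, not from the thread or the draft), the script below models both signing styles discussed above over a constructed three-line body: an inline cleartext signature covers the whitespace-stripped text, so a trailing SPC added in transit passes verification yet changes the reflowed rendering, whereas signing the prepared wire form as the draft's section 5.6 and RFC 3156 describe catches it. The signature is modelled as a plain hash, and space-stuffing and quote marks are not modelled.

```python
import hashlib
# Constructed sample (not from the thread): a soft break (trailing SPC)
# after "Alice" and a hard break after "today".
BODY = "Ship to Alice \ntoday\nnot to Bob\n"

def clearsign_canon(text: str) -> str:
    """What an inline (cleartext) signature covers (OpenPGP, RFC 4880 7.1):
    trailing spaces and tabs are dropped from every line before hashing."""
    return "\r\n".join(line.rstrip(" \t") for line in text.split("\n"))

def prepare_wire(text: str) -> str:
    """Draft 5.6 generation step: QP-encode the trailing SPC of a soft break
    as '=20' before signing (re-wrapping and space-stuffing omitted)."""
    return "\n".join(l[:-1] + "=20" if l.endswith(" ") else l
                     for l in text.split("\n"))

def digest(data: str) -> str:
    """Stand-in for a signature: hash of exactly the bytes the signer hashes."""
    return hashlib.sha256(data.encode()).hexdigest()

def reflow(text: str) -> str:
    """Receiver-side format=flowed decoding: a line ending in SPC is a soft
    break joined to the next line; '-- ' stays a hard signature separator."""
    out, pending = [], ""
    for line in text.split("\n"):
        if line.endswith(" ") and line != "-- ":
            pending += line
        else:
            out.append(pending + line)
            pending = ""
    return "\n".join(out + ([pending] if pending else []))

def add_trailing_spc(wire: str) -> str:
    """The in-transit change the thread describes: one trailing SPC added."""
    return wire.replace("today\n", "today \n")

def compare() -> dict:
    # Inline PGP: the added SPC is invisible to verification, but reflow sees it.
    inline_sig = digest(clearsign_canon(BODY))
    inline_wire = add_trailing_spc(BODY)
    # PGP/MIME: verify the wire bytes first, then QP-decode and reflow.
    mime_wire = prepare_wire(BODY)
    mime_sig = digest(mime_wire)
    return {
        "inline_still_verifies": digest(clearsign_canon(inline_wire)) == inline_sig,
        "inline_rendered": reflow(inline_wire),
        "mime_still_verifies": digest(add_trailing_spc(mime_wire)) == mime_sig,
        "mime_rendered": reflow(mime_wire.replace("=20", " ")),
    }
```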