On Fri November 5 2004 13:06, Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:
> Even modulo the 'From ' breakage, a correctly calculated signature
> on canonical form won't survive software that decided to wrap a
> long single-line Received: and make it into 3 or 4 shorter lines...

True, but the invalid media content ("From " line and possibly
non-standard line endings) may have triggered the changes.
You haven't said which list was involved; certainly this mailing
list is able to handle signed messages:
is an HTML-munged version of a list message that survived expansion
with PGP signature intact.

> If such rewrapping is considered OK, then we really need to look
> at fixing the PGP signature algorithm to consider all spans of
> whitespace as equivalent (collapse down to single blank for signature

It's probably not that simple; as far as header fields are concerned,
comments are semantically equivalent to whitespace -- that should
be considered as well. Arnt raises the issue of (RFC 2047) encoding
in human-readable field components (comments, phrases, and
unstructured fields). As far as body content is concerned, whether
or not "whitespace" is considered significant depends on the
specific media type -- it can certainly be argued that it might be
significant for application/octet-stream, and that the signature
should be sensitive to whitespace variations for that media type.
And Ned and I have raised the issues of legacy MIME implementations,
non-MIME implementations, and non-conforming implementations.
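
The following is an added example, not part of the original message or of any PGP implementation: it compares three canonicalizations of one header field to show where a rewrapped Received: line breaks a hash, where whitespace collapsing rescues it, and where comments still defeat it. SHA-256 stands in for the hash a signature would cover; the header values and function names are constructed for illustration.

```python
import hashlib
import re

# Constructed sample values of one Received: field (not from the thread).
ORIGINAL = ("from mx.example.org (mx.example.org [192.0.2.1]) by lists.example.net "
            "with ESMTP id ABC123; Fri, 5 Nov 2004 13:06:00 -0500")
REWRAPPED = ("from mx.example.org (mx.example.org [192.0.2.1])\r\n"
             "\tby lists.example.net with ESMTP id ABC123;\r\n"
             "\tFri, 5 Nov 2004 13:06:00 -0500")
NO_COMMENT = ("from mx.example.org by lists.example.net "
              "with ESMTP id ABC123; Fri, 5 Nov 2004 13:06:00 -0500")

def unfold(value):
    """Undo header folding: drop a line break that is followed by whitespace."""
    return re.sub(r"\r?\n(?=[ \t])", "", value)

def collapse_ws(value):
    """Treat every span of whitespace as a single blank."""
    return re.sub(r"[ \t]+", " ", unfold(value)).strip()

def strip_comments(value):
    """Replace (nested) parenthesised comments with a blank, then collapse.
    Simplified: honours quoted strings and backslash escapes, no RFC 2047."""
    out, depth, in_quote, escaped = [], 0, False, False
    for ch in unfold(value):
        if escaped or ch == "\\":
            escaped = not escaped   # a backslash protects the next character
        elif ch == '"' and depth == 0:
            in_quote = not in_quote
        elif ch == "(" and not in_quote:
            if depth == 0:
                out.append(" ")
            depth += 1
            continue
        elif ch == ")" and depth > 0:
            depth -= 1
            continue
        if depth == 0:
            out.append(ch)
    return collapse_ws("".join(out))

def survives(signed, received, canon=lambda v: v):
    """True if the hash a signature would cover is unchanged under canon."""
    h = lambda v: hashlib.sha256(canon(v).encode("ascii")).digest()
    return h(signed) == h(received)

if __name__ == "__main__":
    print("rewrapped, raw bytes:      ", survives(ORIGINAL, REWRAPPED))
    print("rewrapped, collapsed ws:   ", survives(ORIGINAL, REWRAPPED, collapse_ws))
    print("comment dropped, collapsed:", survives(ORIGINAL, NO_COMMENT, collapse_ws))
    print("comment dropped, stripped: ", survives(ORIGINAL, NO_COMMENT, strip_comments))
```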