At 10:58 PM -0700 1999-10-17, Jon Callas wrote:
[...]
A summary of the problem is that that 2440 does not cover the case where
a clear-signed message does not end with a CRLF or is of length zero.
My suggestion is this: Don't do that, you'll hurt yourself. Why don't we
just declare that that's bad? If a clear-signed message isn't
CRLF-terminated, add one. This also handles the zero-length case, because
that just becomes a single blank line.
I admit that it never occurred to me that you COULD have a clear-signed
message with no CRLF.
My memory may be faulty, but I believe that both RFC 1991 and our
OpenPGP/MIME draft simply implicitly assume that you can't have a
length-zero message, because it makes no sense to provide a digital
signature on _nothing_. You can't even use such a zero-length message
to verify someone's ownership of a _key_, which you could do with a
one-byte (i.e. one char) clearsigned message.
This just strikes me as aesthetically bad that the END header could
dangle at the end of a line, and contrary to the intent of
cleartext, if not its stated or implied definition. This seems to me
to hinge on the definition of "canonical text-mode" text, and I
always thought that canonical text-mode text always ended with a
line end. Am I wrong on this? [...]
No, the armoured footer line should (always) be preceded by a CRLF.
You're right that it's an imperative for implementors to ensure this.
dave
___________________________________________________________________________
The Shortest Correspondence on Record, sent by a 19th C. writer on vacation
via telegraph to his Publisher, inquiring about sales of his new novel: "?"
The answer came back shortly, also by Morse Code: "!"