ietf-openpgp

Re: Dash-escaping and the Usenet sig convention

2000-12-21 04:47:00
On Tue, 12 Dec 2000, Ian Bell <ianbell(_at_)turnpike(_dot_)com> wrote:
On Tue, 12 Dec 2000, Werner Koch <wk(_at_)gnupg(_dot_)org> wrote:

We have been asked to munge the dash-stuffed clear text as in practice
the use of PGP/MIME signed messages causes more complaints than clear-
signed messages, but clear-signing messages causes complaints about
broken sig-seps :-(

It is a matter of the MUA to handle this right.  Mutt for example
does remove the dash escaping even when it does not verify the
signature.

MUAs in general won't handle this right because for the most part MUAs
are PGP-unaware. The interoperability problem here is between PGP-aware
MUAs and PGP-unaware MUAs. Clear-signed messages are more acceptable to
PGP-unaware MUAs if the sig-sep is not hyphen-stuffed, and hence clear-
signing will be more acceptable in newsgroups and mailing-lists.

In order to increase the acceptability of PGP signed messages in
general, could 7.1 in 2440bis be amended as follows?


7.1. Dash-Escaped Text

   The cleartext content of the message must also be dash-escaped.

   Dash escaped cleartext is the ordinary cleartext where every line
   starting with a dash '-' (0x2D) is prefixed by the sequence dash '-'
   (0x2D) and space ' ' (0x20). This prevents the parser from
   recognizing armor headers of the cleartext itself. The message
   digest is computed using the cleartext itself, not the dash escaped
   form.

*  Note: dash-escaping can cause interoperability problems between PGP-
*  aware clients and PGP-unaware clients because some commonly used 
*  separator conventions use lines starting with multiple dashes. To 
*  improve interoperability in these cases, clients MAY omit the dash-
*  escaping for lines that cannot be armor headers and that are not 
*  already dash-escaped. Lines beginning with dash-space (0x2D, 0x20),
*  or with five dashes MUST be dash-escaped.

   As with binary signatures on text documents, a cleartext signature
   is calculated on the text using canonical <CR><LF> line endings.
   The line ending (i.e. the <CR><LF>) before the '-----BEGIN PGP
   SIGNATURE-----' line that terminates the signed text is not
   considered part of the signed text.

   Also, any trailing whitespace (spaces, and tabs, 0x09) at the end of
   any line is ignored when the cleartext signature is calculated.

-- 
Ian Bell                                           T U R N P I K E
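
The escaping rule quoted from 7.1 and the relaxed rule proposed in the starred note, side by side, as an added example that is not part of the original message or of any OpenPGP implementation. The function names and the sample body are constructed for illustration.

```python
# Added illustration: hypothetical helper names, constructed sample input.

def dash_escape(lines, relaxed=False):
    """Dash-escape cleartext lines before they are placed in a clear-signed message.

    relaxed=False: the 7.1 rule, every line starting with '-' gets a '- ' prefix.
    relaxed=True:  the rule proposed in the message, only lines starting with
                   '- ' or with five dashes are escaped; other dash lines
                   (such as the Usenet '-- ' sig-sep) pass through unchanged.
    """
    out = []
    for line in lines:
        if relaxed:
            must_escape = line.startswith("- ") or line.startswith("-----")
        else:
            must_escape = line.startswith("-")
        out.append("- " + line if must_escape else line)
    return out


def dash_unescape(lines):
    """Receiver side: strip one leading '- ' from every line that carries it."""
    return [line[2:] if line.startswith("- ") else line for line in lines]


def has_bare_armor_line(lines):
    """True if any line could be read as an armor header by a cleartext parser."""
    return any(line.startswith("-----") for line in lines)


# Constructed message body. The digest is computed over this unescaped form,
# so escape followed by unescape must reproduce it exactly.
SAMPLE = [
    "Hello,",
    "- a list item",                  # starts with dash-space: MUST be escaped
    "-----BEGIN PGP SIGNATURE-----",  # five dashes: MUST be escaped
    "--- cut here ---",               # three dashes: MAY be left alone
    "-- ",                            # Usenet sig-sep: MAY be left alone
    "Ian",
]

if __name__ == "__main__":
    for mode in (False, True):
        escaped = dash_escape(SAMPLE, relaxed=mode)
        print("relaxed" if mode else "strict", escaped)
```

The dash-space case is the one that keeps the relaxed form unambiguous: a line sent as "- a list item" without escaping would come back from the receiver as "a list item", and the digest over the recovered text would no longer match.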