Thomas Roessler <roessler(_at_)does-not-exist(_dot_)org> writes:
I suppose that your preferred solution would be to mandate
binary-mode signatures, so there is no need to give extra protection
to trailing whitespace. However, specifying this would mean that
most current implementations don't conform to the spec, unless I'm
severely mistaken. Florian?
IMHO, the best solution is to use a new signature type (i.e. signature
on a MIME part) in RFC 2440bis:
0x41: Signature of a MIME part.
This means the signer owns it, created it, or certifies that it
has not been modified. The signature is calculated over the
text data with its line endings[1] converted to <CR><LF> and
trailing blank characters on each line removed. Trailing blank
lines are also removed.
Otherwise, we have to deal with this kind of problems for years.
[1] See comment in the next article.
--
Florian Weimer
Florian(_dot_)Weimer(_at_)RUS(_dot_)Uni-Stuttgart(_dot_)DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898