On 2001-02-13 09:19:37 -0800, hal(_at_)finney(_dot_)org wrote:
Thomas, Roessler <roessler(_at_)does-not-exist(_dot_)org>, writes:
Now, for PGP/MIME, this turns into a really ugly problem: RFC
2015 does not specify which kind of signature to use. However,
it does specify how the signed material should be canonicalized
before hashing.
[...]
In that case, the second question above, "what exactly should be
hashed" is an open one.
Could you clarify which of these questions is/are at issue?
With traditional PGP, a text mode signature means that PGP
canonicalizes line endings, and then calculate the hash over the
result. A binary signature would just hash the raw data.
With OpenPGP, a text mode signature means that the implementation
strips trailing white space, canonicalizes line endings, and
caluclates the hash over the result.
Obviously, these text signatures are based on different hash values
as soon as any trailing white space is involved.
Now, what RFC 2015 does is to pre-canonicalize the signed material
in a way which lets the distinction between binary and
(traditional!) text mode signatures disappear, as far as the hashes
are concerned. Thus, a verifier can calculate a single hash without
knowing about the kind of signature, and then verify the signature
when it's encountered in the input stream.
My suggestion was now to mandate one of the signature modes, and
thus one way to hash the data. However, as Bodo pointed out
correctly, it's most likely more reasonable to put in a further
restriction on the signed data, and leave the binary vs text
question unspecified.
--
Thomas Roessler <roessler(_at_)does-not-exist(_dot_)org>