On 2001-02-13 15:14:28 -0500, Derek Atkins wrote:
a) specify a canonicalization and require binary sigs.
Unfortunately this invalidates a number of
implementations that currently use text sigs.
b) specify a canonicalization that matches text and allow
either binary or text sigs. Unfortunately this has the
problem that RFC1991 and RFC2440 have different ideas
of what should be included in a text-mode signature.
c) Change the PGP/MIME canonicalization requirements to
match RFC2440 text-mode. This has the effect that
previous messages (and probably many implementations)
wont be PGP/MIME compliant.
What precisely is the difference between b) and c) supposed to be? I
seem to be missing some point here.
Anyway: When text and binary mode hashes (as I'll call them by abuse
of language) calculated according to RFC 2440 conincide, the text
hash from RFC 1991 coincides, too. Additionally, protecting
trailing white space by way of an appropriate encoding has been a
good idea in the past, and was suggested and demonstrated in one of
the example messages in RFC 2015.
For this reason, we may actually be in the lucky situation that
implementations already fulfill most of the stricter requirements
suggested.
Maybe some implementors can say a word about this?
(To contribute my own part, mutt should be fine with it, and I'm
certainly willing to fix any holes through which trailing whitespace
might creep.)
--
Thomas Roessler <roessler(_at_)does-not-exist(_dot_)org>