ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Clearsigning, MIME, etc.

2002-04-16 18:06:10
from [Jon Callas] [Permanent Link] 

At 9:16 AM +0200 4/16/02, Thomas Roessler wrote:


With all due respect, OpenPGP with armoring gets you into all kinds
of hell as soon as you want to sign more than just us-ascii text,
and as soon as you want to verify the signature on a system
different from the one the signature was created on.  This is, in
particular, the case when users have to feed PGP with a recoded
version of the message.  Such recoding may be necessary in order to
properly display the message to you.


I understand, Thomas. But I have some comments on your last message.

Clearsigning is not armoring. They are different. If I hear armoring, and
you talk about clearsigning, we're going to talk at cross purposes. I
understand your comments on clearsigning, but lets's take them one step at a
time.

[Note: There are unicode characters below.]

☞ Your message displays properly under Entourage X on my Mac. Yay! It also
displays correctly with Mail.app, which ships with OSX. It does not display
correctly under Eudora for OSX. Boo (?). If I take said message, paste it
into BBEdit, it displays correctly. Yay! If I save out said message in UTF8
with DOS line ends (another ? for BBEdit), it verifies correctly with GPG
1.06. Another yay!

[The previous paragraph contains a right-pointing hand (\u261e), a
skull-and-crossbones (\u2620), and a smiley face (\u263a). The next
paragraphs lead with the hand.]

☞ I know that you said "Windows" and I'm on a Mac. But it works. I have a
mail client and text editor that both displays UTF-8 and verifies your
clearsigned message. It even works in spite of the fact that your message
has trailing whitespace on its lines. So this *is* possible to do! Just get
a Mac. Failing that, convince some MUA developers to do the right thing on
Windows and Linux.

☞ This exercise I went through proves my point, to my mind. With a
clearsigned message, I can see the intended characters as well verify the
message's signature. In short, the system works. Some group of people have
all implemented unicode, OpenPGP, and mail handling and it all worked. To my
mind, this makes it *not* a standards issue. It is a software implementation
issue.

☞ More to the point, if the message were not clearsigned, if it were MIMEd,
I would be unable to easily go to the trouble of verifying the message using
a text editor and GPG. I would have had to pry open MIME parts, construct
OpenPGP headers, and hope I got it all right. The clearsigned message just
plain worked, even with unicode in it. I have no MIME-encoding tools. Yeah.
I could use Mutt. I know. And you could go get a Mac.

Nonetheless, I'd love to hear what you have to say about 8859-1 and 8859-15.
I've gone and looked up 8859-15 (which I'd never heard of before), and would
like to hear your insights.

    Jon
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: bis04, David Shaw
Next by Date:  literal data packet tags - nit, Thomas Roessler
Previous by Thread:  Clearsigning considered harmful., Thomas Roessler
Next by Thread:  Re: Clearsigning, MIME, etc., Thomas Roessler
Indexes:  [Date] [Thread] [Top] [All Lists]