ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

armour pierced with PGP 8 arrow

2003-12-09 11:40:00
from [Ian Grigg] [Permanent Link] 

It appears that PGP 8 is breaking the spirit and intent
of the ascii armouring format, if not the "letter of the
law."

What it is doing is in essence putting in a Version that
is too long for some mailers' line slicing paramaters.
The result is that people receive this:




-----BEGIN PGP MESSAGE-----
Version: PGP 8.0.2 - not licensed for commercial use:
www.pgp.com

qANQR1DBw04Dxrpn2akpjMkQD/457fxRygbnZG7jAssMb4JuMeXqZdXmMhcGetrm
...
-----END PGP MESSAGE-----



Now, reading from the 28th October 2003 draft, it appears
that there is no comment on line length - but there are
comments on the line sanctity and on UTF-8 in the Comment
field that are apropos.

To cut the gordian knot, I propose:


1. changing the comment at the end of p49 to
include a warning on line length:

    ... The
    header lines, therefore, MUST start at the beginning of a line, and
    MUST NOT have text following them on the same line (BEWARE OF
    USING LINES THAT ARE LONG ENOUGH TO BE SLICED BY MAILERS).

(addition in caps...) (as a suggestion only).


2. moving the "Comment" comment out of that
section and/or expanding it to include a
comment about long lines.  Something like:


   Armor Header contents are not strictly defined, so may
   include UTF-8 strings and long lines.

   However, the point of Armoring is to provide a clean
   textual representation that survives transport over
   pernickety systems such as email.  Consequently, if an
   Armor Header includes such things as characters outside
   the range of US-ASCII or too many characters, the Armored
   message may not survive transport.


(At the bottom of page 50.) (because it seems
to apply equally to all armoured headers).


3.  It also seemed plausible to put in 
"rule of thumb" that the line length
of headers should be no longer than
the ascii armoured body line length.


I'm not wedded to any of those, just
thinking out aloud some thoughts on
improving the ID so it best serves.

iang


PS: To compound this, it appears that GPG
(1.2.2) is also rejecting these messages
out of hand.  It would appear that GPG is
in the right here, as there is this strict
rule:

   "OpenPGP should consider improperly formatted Armor Headers to be
    corruption of the ASCII Armor. ..."

(top of page 50).
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Removing Elgamal signatures, Lutz Donnerhacke
Next by Date:  Re: armour pierced with PGP 8 arrow, Will Price
Previous by Thread:  Re: Removing Elgamal signatures, Lutz Donnerhacke
Next by Thread:  Re: armour pierced with PGP 8 arrow, Will Price
Indexes:  [Date] [Thread] [Top] [All Lists]