ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

cleartext signed messages - UTF-8 - stripping the whitespace

2004-01-05 08:27:11
from [Ian Grigg] [Permanent Link] 

I'm working on some code that deals with cleartext
signed messages over UTF-8 [1].

In debugging the treatment of UTF-8, I looked at
the definition of mods that OpenPGP does to the
cleartext (paras 3,5) for signature treatment [2]:



    As with binary signatures on text documents, a cleartext signature
    is calculated on the text using canonical <CR><LF> line endings.
    The line ending (i.e. the <CR><LF>) before the '-----BEGIN PGP
    SIGNATURE-----' line that terminates the signed text is not
    considered part of the signed text.

    ....
    Also, any trailing whitespace (spaces, and tabs, 0x09) at the end of
    any line is ignored when the cleartext signature is calculated.



Here are the questions:



1.  In UTF-8, are there such things as line
    endings that are not of <CR> and/or <LF> form?

2.  Are there UTF-8 whitespace encodings that
    are not in the definitions above?

    I.e., not in "spaces, and tabs, 0x09" .

3.  What was the original deep dark motivation
    for stripping whitespace from the end of lines
    anyway?

4.  Do we care if UTF-8 has some weird whitespace/
    line endings?

5.  Are we explicitly ignoring these?

    Hence the question 3, perhaps the answer can
    guide us....



It seems the easiest thing is to say that we
explicitly do not include any UTF-8 characters
in the above discussion.  And add a clarifying
comment to that effect.

Perhaps also something to the effect of:

  Implementations
  MAY strip whitespace (including any UTF-8 whitespace
  that is recognised) from line endings before signing,
  so that the resultant cleartext signed message will
  not include any complex lines.

(That's essentially what I try and do in my code,
but I recognise that this goes beyond the standard....)

Alternatively, if someone can nail what UTF-8 does
in whitespace, it might be possible to put in more
consideration.


iang


[1] Code is based on Edwin Woudt's OpenPGP in Java
as found at
http://www.cryptix.org/products/openpgp/index.html
The application is Ricardian Contracts in Spanish.

[2] Looking at at section 7.1, Dash-Escaped Text, of the
current draft: draft-ietf-openpgp-rfc2440bis-09.txt
http://carmen.cselt.it/internet-drafts/draft-ietf-openpgp-rfc2440bis-09.txt
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  cleartext signatures - consistent naming, Ian Grigg
Next by Date:  Re: cleartext signed messages - UTF-8 - stripping the whitespace, Adrian 'Dagurashibanipal' von Bidder
Previous by Thread:  cleartext signatures - consistent naming, Ian Grigg
Next by Thread:  Re: cleartext signed messages - UTF-8 - stripping the whitespace, Adrian 'Dagurashibanipal' von Bidder
Indexes:  [Date] [Thread] [Top] [All Lists]