I've thought about this too, but I couldn't come to a
conclusion w.r.t., the line trimming issue.
It seems that an attack succeeds or fails no matter what
is done with the trailing whitespace, and the real issue
is whether the display system will be fooled or not.
If whitespace is not trimmed, then the attack is done
pre-signing, so the result is a signed/verified message
that says two different things depending on which system
it is displayed on. And the original intent is lost.
If whitespace is trimmed, then the attack can be done
post-signing, and the two different meanings are again
presented depending on the display system. But the
original intent is clear.
Which is better/worst is not clear to me, YMMV.
Perhaps the answer is to put a warning in the ID that
states to effect of:
Trimming whitespace may open a cleartext signed
message to an attack of overstriking of key parts
of text. Display of cleartext signed messages
should take care to strip whitespace before display
(both before and after signing and verification).
?
iang
Hal Finney wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
There was a mention some time back of a possible attack on the proposed
algorithm:
DON'T SEND THE DATA TO ALICE
After signing this message, I've added a CR and 5 spaces to the above
line, which will obscure the word DON'T on some systems. The signature
will still verify if we strip CR with the whitespace, but a superficial
look at the message may produce the wrong impression.
Hal
-----BEGIN PGP SIGNATURE-----
Version: McAfee E-Business Server v7.1.2 - Full License
iQA/AwUBQFHx3asSfKQ41E4qEQJpoACg917UqU5xQNrAiKWbW5b8bFqkfHoAnRZU
myqu4AvEwpkH+kpl9+Axztg4
=tCiJ
-----END PGP SIGNATURE-----