[two slight preferences for "no trimming whitespace for 0x01 sigs"]
David Shaw wrote:
Okay, so here's a proposal. In section 5.2.1, the text currently
reads:
0x01: Signature of a canonical text document.
This means the signer owns it, created it, or certifies that it
has not been modified. The signature is calculated over the
text data with its line endings converted to <CR><LF> and
trailing spaces (0x020) and tabs (0x09) removed.
I suggest:
0x01: Signature of a canonical text document.
This means the signer owns it, created it, or certifies that it
has not been modified. The signature is calculated over the
text data with its line endings converted to <CR><LF>.
This is the same as before but trailing whitespace is not removed.
I suggest that if there is to be a change, then there
might need to be some note reflecting that change.
Something like:
0x01: Signature of a canonical text document.
This means the signer owns it, created it, or certifies that it
has not been modified. The signature is calculated over the
text data with its line endings converted to <CR><LF>.
Note. Some non-conforming implementations may calculate over
canonical lines with trailing whitespace removed (spaces
and tabs).
Also, some clarification as to how to deal with
the programs out there:
On verification, an implementation MAY retry using this
format but SHOULD NOT sign with it.
All negotiable comments!
Note that I'm only talking about 0x01 signatures here. Cleartext
signatures, and the trimming therein, should be unchanged by this.
Understood.
Rationale: there are good reasons to do whitespace trimming for
cleartext signatures (mail mangling, cut and paste mangling, etc).
These reasons do not apply to an 0x01 signature as it is not cleartext
- it is protected inside the binary or ascii armor shell. In general,
if we have no good reason to tamper with user supplied input, I think
we should keep hands off.
I repeat my weak vote (in the sense that I
don't use such signatures so I have no real
vested interest or experience). We need to
see what others say on this I suspect, as 2
slight leanings doesn't a consensus make!
Also, I'd like to hear from Jon and Derik on whether
they are still asking for text proposals, I saw that
all the text and consensus over the last month for
cleartext signatures did not get used, and did not
see why.
iang
slight leanings doesn't a consensus make!
Also, I'd like to hear from Jon and Derik on whether
they are still asking for text proposals, I saw that
all the text and consensus over the last month for
cleartext signatures did not get used, and did not
see why.
iang