[Top] [All Lists]

Re: Literal packets and canonicalization

2004-05-06 12:56:29

On Thu, May 06, 2004 at 03:10:17PM -0400, Hasnain Mujtaba wrote:


I was reading section "5.9. Literal Data Packet" of RFC2440 and I had a
question: What are the concequences of not canonicalizing text data
before storing it in a literal packet and using the literal packet to
form either an encrypted packet or signature packet? 

The file should decrypt properly, and (at least in PGP and GnuPG)
signatures should verify properly regardless of the canonicalization.

What if the sender marks all literal data as binary 'b', even if the
literal data is text?   

The bad thing that will happen is that recipients on platforms that
have a different text line ending convention than the sender will see
somewhat mangled text in the output.

For example: Macs generally end lines with CR.  Unix machines
generally end lines with LF.  Sending data from one to the other
without the benefit of canonicalization results in one very long
"line" with occasional CRs or LFs in there.  Some text editor/viewer
programs do heuristics to detect and fix this problem, but it's
generally better to canonicalize which lets the OpenPGP program handle
it automatically.