ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Cleartext Signatures

2005-10-11 13:36:28
from [Jon Callas] [Permanent Link] 


On 10 Oct 2005, at 11:48 AM, Ian G wrote:



Ben Laurie wrote:


Sigh. The I-D says armour lines are at most 76 characters.




!IIRC, so replace 'standard' with fixed.

Getting back to the point of vedaal's kindly
provided suggestion, the length of the armour
lines is not fixed, and successive implementations
have wrestled with the length, gradually setting
it less as newer mailer and editor artifacts pop
out of the electronic woodwork.

My point is that the length of the Header/Tail Lines
and/or the Armor lines suggests a more effective
maximum to the length of the headers, as then the
headers themselves won't cause any problems.

If it is a big enough issue, I'd suggest adding
the following guidance:
The format of an Armor Header is that of a key-value pair. A colon 
    (':' 0x38) and a single space (0x20) separate the key and value.
    OpenPGP should consider improperly formatted Armor Headers to be
    corruption of the ASCII Armor.  Unknown keys should be reported to
    the user, but OpenPGP should continue to process the message.
  ******
    From experience, implementations may limit or warn if the length
    of any Armor Header exceeds the length of other lines.
  ******

Or somesuch, towards end of page 49.  Here's an alternate:

  ******
    As messages may experience various transformations during
    transport, resiliance may be improved if Armor Headers are
    kept short, by for example being no longer than the length
    of other lines (Armor Header Lines or the Armor itself).
  *****


Okay, but.

OpenPGP is not an email standard. It is a data format standard.
Yes, many uses of OpenPGP are in email. But not all, and possibly even not most. (I have heard it asserted that there are more signed files than emails.)
I remember a past argument about the comment header, for example, noting that an appropriately clever person could make a comment that would do something that someone doesn't like because of high-bit issues, character sets, etc. Our ending decision was to note that if you hurt yourself, you hurt yourself.
The only reason I would prefer not doing anything here is that I don't want to keep putting in hints for good interactions with mailers in 2440bis. We are a superset of mail.
The spec as it stands is clear, and someone who puts this into mail has to deal with long body lines in a cleartext message, anyway. They're the mail expert, I'm not. 

    Jon
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  WGLC for draft-ietf-openpgp-openpgp-15 ends Oct 28 1700EDT, Derek Atkins
Next by Date:  Re: Signature calculation language, Jon Callas
Previous by Thread:  Re: Cleartext Signatures, Ian G
Next by Thread:  Re: Cleartext Signatures, Ian G
Indexes:  [Date] [Thread] [Top] [All Lists]