Ian G wrote:
Ben Laurie wrote:
" Also, any trailing whitespace -- spaces (0x20) and tabs (0x09) -- at
the end of any line is removed when the cleartext signature is
generated."
Does this mean they should not be included in the signature, or also
that they should be stripped from the dash-escaped text?
They should not be included in the signature
calculations. It is an open question as to
whether they should stripped from the text or
not, up to each application. I would; but
Jon has posted on good reasons why it is not
the job of the application to change the doc
that is being processed (signed).
I would agree, if you ended up signing the unchanged document :-)
As it is, since I think the idea of stripping them is stupid, I don't
really care either way, but it would be good if the document were clear.
I suppose the above text could change "generated"
to "calculated" to make it clearer? That is, if
my interpretation is the consensus.
I think you have to say "...at the end of the line is not included in
the signature calculation" to remove the ambiguity (if leaving them in
the text is intended).
" The line ending (i.e. the <CR><LF>) before the '-----BEGIN PGP
SIGNATURE-----' line that terminates the signed text is not
considered part of the signed text."
Does this mean that one should insert an extra <CR><LF> before the
terminating line? I notice that at least some implementations do not.
No, there is no need to insert anything, just
not include the <CR><LF> that must preceed the
'-----' line in the signature calculation. In
this case I would say that there definately
should not be an extra line ending inserted,
as that is changing the document in a way that
is not reversable.
No - what you are proposing is not reversible. Always adding a <CR><LF>
_is_ reversable.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
** ApacheCon - Dec 10-14th - San Diego - http://apachecon.com/ **
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff