[Top] [All Lists]

Re: Lack of clarity in dash-escaped?

2005-11-30 07:53:04

Ben Laurie wrote:
As it is, since I think the idea of stripping them is stupid, I don't
really care either way, but it would be good if the document were clear.

The issue that it is meant to solve is that
many applications end up adding whitespace
to the ends of lines.  Not just mailers, but
editors, cut&paste, etc.

So the "do not include trailing whitespace"
is an attempt to make the cleartext signature
more robust within the text world it inhabits.
For me, it is a good feature, it makes the
contracts that I send around more reliable;
but always recognising that there are limits
to this game, as the same tools that do this
also do silly things like slicing up lines
and doubling up on newlines.

I suppose the above text could change "generated"
to "calculated" to make it clearer?  That is, if
my interpretation is the consensus.

I think you have to say " the end of the line is not included in
the signature calculation" to remove the ambiguity (if leaving them in
the text is intended).

I agree with that.  So I'd agree that this
is a late change that might slip in before
the end if we still have time (always looking
over shoulder to see if the final date is
about to run us over...):

    Also, any trailing whitespace -- spaces (0x20) and tabs (0x09) -- at
    the end of any line is not included in the signature calculation."

Maybe add:

    It is an application decision whether to remove trailing whitespace.

(or maybe not.  This horse has died so many times.)

No - what you are proposing is not reversible. Always adding a <CR><LF>
_is_ reversable.

Right.  See response to Daniel, who pointed out
the fuller understanding.  So if that is the rule,
we need:

    The line ending (i.e. the <CR><LF>) before the '-----BEGIN PGP
    SIGNATURE-----' line that terminates the signed text is not
    considered part of the signed text."

to change to:

    On signing, a line ending (i.e. the <CR><LF>) is always
    inserted at the end and before the '-----BEGIN PGP
    SIGNATURE-----' line that terminates the signed text.
    This line ending is not part of the signed text nor the
    signature calculation.  It should be stripped when the
    signature is verified and an unsigned document revealed.

Or somesuch.  But I'd like to hear from some of
the old timers to hear whether that is the rule
here.  The alternative is that we simply define
the document as always having a trailing newline,
and that may be non-reversable.