ietf-openpgp

Re: Outstanding question - rule on cleartext signing last line

2005-12-27 14:50:47

On Tue, Dec 27, 2005 at 02:29:44PM -0500, David Shaw wrote:

The problem arises if you want to clearsign but still get data
interchange.  The sender needs to know not only how the data will get
verified, but also how it will be stored if the signature is stripped
away.  We didn't spec this because it didn't seem to fit that well into
the clearsign model, which is oriented around presenting data with the
signatures in place.

I think the concern is not so much that we need the ability to do data
interchange, but that there is a point of ambiguity in the standard
such that

  Un-Clearsign ( Clearsign ( A ) ) != A

in some cases, specifically around the lack or presence of a line
ending on the final line of A.

I think clearsigned and one-pass signed text documents should work the
same way. Data interchange AND human-readability together are worth
pursuing. I think it is perfectly reasonable to expect that

  Canonize ( Un-Clearsign ( Clearsign ( A ) ) ) == Canonize ( A )

-- 
Daniel
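
The round-trip property discussed in this message, as an added example that is not part of the original posts or of any OpenPGP implementation: a simplified model of cleartext framing with a placeholder instead of a real signature. Assumptions: `canonize` means CRLF line-ending normalization only, and the `keep_final_eol` switch and both framing policies are hypothetical, chosen to show one policy where the final line ending is lost and one where the property holds.

```python
HEADER = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG = "-----BEGIN PGP SIGNATURE-----"
END = "-----END PGP SIGNATURE-----"
# Constructed inputs: with/without a final line ending, a dash line, empty text.
SAMPLES = ["hello", "hello\n", "a\n- dash\n\n", ""]

def canonize(text):
    """Assumed meaning of Canonize: every line ending becomes CRLF."""
    return text.replace("\r\n", "\n").replace("\r", "\n").replace("\n", "\r\n")

def clearsign(text, keep_final_eol):
    """Frame text as a cleartext message; the signature is a placeholder."""
    body = canonize(text)
    if not keep_final_eol and body.endswith("\r\n"):
        body = body[:-2]  # final line ending is folded into the separator
    # Dash-escape lines that start with "-" so they cannot mimic armor lines.
    lines = ["- " + l if l.startswith("-") else l for l in body.split("\r\n")]
    return "\r\n".join([HEADER, "Hash: SHA256", ""] + lines
                       + [SIG, "", "(placeholder)", END, ""])

def unclearsign(msg):
    """Recover the text; the line ending before SIG is only a separator."""
    lines = msg.split("\r\n")
    start = lines.index("") + 1       # blank line ends the armor headers
    end = lines.index(SIG, start)     # escaped text lines never equal SIG
    return "\r\n".join(l[2:] if l.startswith("- ") else l
                       for l in lines[start:end])

def roundtrip_ok(text, keep_final_eol):
    """Canonize(Un-Clearsign(Clearsign(A))) == Canonize(A)"""
    out = unclearsign(clearsign(text, keep_final_eol))
    return canonize(out) == canonize(text)

if __name__ == "__main__":
    for keep in (False, True):
        for s in SAMPLES:
            print(keep, repr(s), roundtrip_ok(s, keep))
```

Under the lossy policy, "hello" and "hello\n" produce byte-identical framed messages, so a verifier cannot tell which one was signed; under the other policy a text that ends with a line ending shows a blank line before the signature header.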