ietf-openpgp

Re: Outstanding question - rule on cleartext signing last line

2005-12-27 15:44:47

On Tue, Dec 27, 2005 at 10:27:16PM +0100, Daniel A. Nagy wrote:

On Tue, Dec 27, 2005 at 02:29:44PM -0500, David Shaw wrote:

The problem arises if you want to clearsign but still get data
interchange.  The sender needs to know not only how the data will get
verified, but also how it will be stored if the signature is stripped
away.  We didn't spec this because it didn't seem to fit that well into
the clearsign model, which is oriented around presenting data with the
signatures in place.

I think the concern is not so much that we need the ability to data
interchange, but that there is a point of ambiguity in the standard
such that

  Un-Clearsign ( Clearsign ( A ) ) != A

in some cases, specifically around the lack or presence of a line
ending on the final line of A.

I think, clearsigned and one-pass signed text documents should work the
same way. Data interchange AND human-readability together are worth
pursuing. I think, it is perfectly reasonable to expect that

Canonize ( Un-Clearsign ( Clearsign ( A ) ) ) == Canonize ( A )

That is a much larger task than the current final-line-ending
question.  Canonical text for a literal packet type 't' and canonical
text for clear signing are not the same.

In a 't', line endings are converted to CRLF.  In a clear signature,
line endings are converted to CRLF and trailing whitespace is removed.
Thus, you can convert a clear signature to a signed 0x01 document, but
not necessarily from a signed 0x01 to a clearsigned document.

I don't think it is reasonable to expect interchange here.  If text
interchange is desired, then there is a form for that (literal 't').
Clear signed is intended for different situations where trailing
whitespace may well not survive transport - clear text
canonicalization is a lossy format because of this.  The fact that a
clear signed document can be converted to a signed 0x01 document is an
interesting curiosity, but not much more than that.

I have a mild interest in fixing the clearsign end-of-document
ambiguity, but I don't want to start changing the canonicalization
rules for either 't' or clear text.

David

p.s. Incidentally, speaking of clear signed data, there are
differences in practice in what trailing whitespace is removed.  Some
programs remove space and tab.  Some programs remove only space.
Currently, a trailing tab in a clearsigned document is an effective
way to break interoperability.
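
The two canonicalization rules described in the message, and the space-versus-tab disagreement from the postscript, as an added example that is not part of the original post or of any OpenPGP implementation. The sample text, the function names and the use of SHA-256 over the text alone as a stand-in for the signature hash are assumptions made for illustration.

```python
import hashlib
import re

# Constructed sample: line 1 ends in a tab, line 2 in two spaces, no final newline.
SAMPLE = b"Pay Bob 10 EUR\t\nThanks  \nAlice"

def split_lines(text):
    """Split on CRLF, lone LF or lone CR; terminators are dropped."""
    return re.split(rb"\r\n|\n|\r", text)

def canon_literal_t(text):
    """Literal 't' rule from the message: line endings become CRLF, nothing else."""
    return b"\r\n".join(split_lines(text))

def canon_cleartext(text, strip=b" \t"):
    """Cleartext rule: CRLF line endings plus trailing-whitespace removal.
    `strip` models the two behaviours seen in practice: b" \\t" or b" " only."""
    return b"\r\n".join(line.rstrip(strip) for line in split_lines(text))

def interop_risk_lines(text):
    """1-based numbers of lines where space-only and space+tab stripping differ."""
    return [n for n, line in enumerate(split_lines(text), 1)
            if line.rstrip(b" ") != line.rstrip(b" \t")]

def digest(data):
    """Stand-in for the signature hash (assumption: SHA-256 over the text only)."""
    return hashlib.sha256(data).hexdigest()

if __name__ == "__main__":
    both = canon_cleartext(SAMPLE, b" \t")
    space_only = canon_cleartext(SAMPLE, b" ")
    print("space+tab :", both, digest(both)[:16])
    print("space only:", space_only, digest(space_only)[:16])
    print("lines at risk:", interop_risk_lines(SAMPLE))
    # Cleartext-canonical text is already valid 't' canonical text ...
    print("clear -> 't' stable:", canon_literal_t(both) == both)
    # ... but 't' canonical text may change under the cleartext rule.
    t_form = canon_literal_t(SAMPLE)
    print("'t' -> clear stable:", canon_cleartext(t_form) == t_form)
```

Running `interop_risk_lines` over a document before clearsigning it flags the lines on which a signer and a verifier with different stripping rules would hash different bytes.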