Re: Outstanding question - rule on cleartext signing last line
2005-12-28 00:35:26
I have some general opinions about this issue.
(1) I don't think the spec should change. The reason that I don't
think it should change is that we're in last call. We want to tidy
this thing up. Changes to the spec are most likely going to get
something that is "right" but causes a decade of interoperability
twists that we will "resolve" by declaring old versions to be bogus
and the new behavior that no one does to be right. Then a half-dozen
years from now, we'll go back to whatever it says now.
If you don't believe me, this is *exactly* what happened with the
whole blank-trimming thing.
Now, then, I am not opposed to having a clarification in the spec.
I'll merely allude to my standard comment that OpenPGP Formats is not
a How To Write An OpenPGP Application which everyone's heard at least
once. And yes, I know there's a big fat fuzzy grey line between
clarifications and telling people how to code.
(2) I don't see how in the general case clearsigning can be a
reversible operation. There are several reasons for this. We have a
way to sign data reversibly. That is binary-mode signing. Binary-mode
signing is not clearsigning. We also have a higher-level
abstraction, text-mode signing. Text-mode signing is not, in the
general case, reversible. The reason is that OpenPGP takes this
abstract text object and then translates it into the native text
format of the receiver's system. If one of us is on a unix box, and
one of us is on Windows, then it's very difficult for us to talk
about what the heck reversibility is. Ambiguities about text-mode are
not new to OpenPGP. They date back at least as far as FTP, and they
are a good thing, not a bad thing.
Clearsigning is an abstraction built on top of text mode that further
abstracts the signature. Text-mode signing is not human-readable. It
still involves packets. Clearsigning is human-readable and that's the
whole point.
I believe that good human interaction is a better virtue than
reversibility. Let me give an example.
Consider these three text files:
"a" (the file containing the letter 'a')
"a\n" (the file containing an 'a' and followed by a line-end)
"a\n\n" (the same, but with two line-ends)
If the first two look the same when clearsigned, this is not a bug,
it's a feature. The point of clearsigning is that it be a pleasant
experience for the user who wants to read the text, while making it
so that a signature can be verified. I expect the third one to have
one more blank line than the second one. I don't care how many more
it has than the first one.
I'm on a unix system and if I 'more' each of the first two, they come
out the same on my terminal. If I 'cat' them, they do not, and I
believe that this is braindamaged, even if it is "right" and even
after you explain to me in detail that it's "right." It may be right,
but it's still braindamaged.
Whatever GnuPG, PGP, etc. are doing is okay. I see lots of
clearsigned messages and nothing ever rubs my aesthetics the wrong
way. The purpose of clearsigning is to make it easy to read by
humans. Abstract properties like reversibility are secondary; if you
want the thing to be reversible, then use a detached signature, for
Pete's sake!
If there is some application out there that were to compress a
zillion newlines into some reasonable number like one, two, or three
in the output of a clearsigned message, then more power to them!
There's nothing in OpenPGP that says you can't do that.
(3) I am firmly against any tweak to the spec, including commentary,
that requires any implementation that's got versions past 1.0.1 to
have to make a code or behavior change. It's far, far too late for that.
Whatever is out there is good enough. If we can make life easier for
the likes of Ben and Rachel and other people who are making new
systems, we should. But this should not burden any existing system
one iota.
Jon
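As an added worked example (not part of Jon's post and not code from GnuPG, PGP or any other OpenPGP implementation), the following Python models the cleartext-signature canonicalization rules as written in RFC 4880 section 7.1: line endings are normalized to CRLF for hashing, trailing spaces and tabs are ignored, the line ending before the signature header is not part of the signed text, and lines beginning with '-' are dash-escaped in the armor. It runs the three files from the post through those rules and shows why "a" and "a\n" produce the same signed text while "a\n\n" carries one more line, and why a verifier cannot reverse the operation. The function names and the placeholder signature block are this example's own assumptions.

```python
"""
Added example (not from the original post or any OpenPGP implementation).
Models RFC 4880 section 7.1 cleartext-signature canonicalization:
  - text mode: any line ending is treated as <CR><LF> for hashing
  - trailing spaces/tabs on a line are ignored
  - the line ending before '-----BEGIN PGP SIGNATURE-----' is NOT signed
  - lines starting with '-' are dash-escaped ("- ") in the armor
The real signature packet is omitted; a placeholder line stands in for it.
"""
import hashlib
import re

SIGNED_HEADER = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG_HEADER = "-----BEGIN PGP SIGNATURE-----"
SIG_FOOTER = "-----END PGP SIGNATURE-----"
_LINE_END = re.compile(rb"\r\n|\n|\r")


def canonical_text(data: bytes) -> bytes:
    """Return the bytes a cleartext signature is computed over.

    If the input ended with a line ending, that final one is dropped: in the
    armor it becomes the line ending that precedes SIG_HEADER, which the spec
    says is not part of the signed text.
    """
    lines = _LINE_END.split(data)
    if lines and lines[-1] == b"":          # input ended with a line ending
        lines.pop()
    return b"\r\n".join(ln.rstrip(b" \t") for ln in lines)


def signed_text_digest(data: bytes) -> str:
    """SHA-256 over the canonical signed text (what a signature would cover)."""
    return hashlib.sha256(canonical_text(data)).hexdigest()


def clearsign_armor(data: bytes) -> str:
    """Build the human-readable armor body (signature packet replaced by a placeholder)."""
    canonical = canonical_text(data)
    body_lines = canonical.split(b"\r\n") if canonical else []
    escaped = []
    for ln in body_lines:
        text = ln.decode("utf-8")
        # dash-escape so a line of dashes cannot be mistaken for SIG_HEADER
        escaped.append("- " + text if text.startswith("-") else text)
    out = [SIGNED_HEADER, "Hash: SHA256", ""]
    out.extend(escaped)
    out.append(SIG_HEADER)                   # preceded by the unsigned line ending
    out.append("<signature packet omitted in this example>")
    out.append(SIG_FOOTER)
    return "\n".join(out) + "\n"


def parse_clearsigned(armored: str) -> bytes:
    """Recover the canonical signed text from armor, as a verifier does.

    Only the lines between the header block and SIG_HEADER are signed, so a
    verifier sees "a" and "a\\n" identically: both arrive as the one line "a".
    """
    lines = armored.split("\n")
    start = lines.index("") + 1              # blank line ends the armor headers
    end = lines.index(SIG_HEADER)
    body = [ln[2:] if ln.startswith("- ") else ln for ln in lines[start:end]]
    # trailing whitespace is ignored on the verifying side as well
    return b"\r\n".join(b.encode("utf-8").rstrip(b" \t") for b in body)


if __name__ == "__main__":
    # the three files from the post
    for sample in (b"a", b"a\n", b"a\n\n"):
        print(f"{sample!r:10} -> signed text {canonical_text(sample)!r}, "
              f"digest {signed_text_digest(sample)[:16]}...")
    # a mail signature separator "-- " gets dash-escaped and its space dropped
    armor = clearsign_armor(b"-- \nJon\n")
    print(armor)
    print("verifier recovers:", parse_clearsigned(armor))
```

Running it shows the first two samples hashing to the same digest and the third differing by exactly one CRLF, which is the behaviour the post describes as a feature: the trailing newline of "a\n" is consumed by the armor format, so neither signer nor verifier can distinguish it from "a", and a detached signature over the binary file is the only way to keep that byte.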