On Fri, 23 Apr 2004, Peter Hesse wrote:
I agree with Blake that there is already a recommendation in the document
that "additional steps are recommended to defend against known corruptions
that can occur during mail transport that are of particular importance
for clear- signing using the multipart/signed format." I also
want people to understand that this is a prevalent problem, and anything we
can add to reduce the likelihood of occurence is a good thing. The
suggestion to use quoted-printable encoding for messages which have "From"
in the beginning of the line appears nowhere other than the sample message
in 3.1.4--which is easily ignored.
While I can't argue against the idea of escaping mechanisms to prevent
clear-signed messages from being mangled, I do wonder how the authors
of such non-compliant software will get an incentive to repair their
code. Actually, I also wonder if they would even be made aware that
there's a problem since a symptom of the problem (signature failure)
is being hidden from all parties.
Anyway, I'll also add two more examples of mangling that some of us
have discovered.
(1) When Microsoft software prepares a message for clear signing,
the MIME header on the text part is a continued line that starts
with a tab character. Some mailing list software thinks it's OK
to change that tab to 8 spaces.
(2) We have also found mailing list software that thinks it's OK
to insert a third part in a multipart/signed message as a footer
for the message.
Eric Norman
"Congress shall make no law restricting the size of integers
that may be multiplied together, or the number of times that
an integer may be multiplied by itself, or the modulus by
which an integer may be reduced".
smime.p7s
Description: S/MIME Cryptographic Signature