Loading...

ietf-openpgp@imc.org

[Prev] Thread [Next]  |  [Prev] Date [Next]

Re: PGP/MIME implementors: text mode vs. binary mode? Bodo Moeller Tue Feb 13 06:22:22 2001

On Tue, Feb 13, 2001 at 01:54:27PM +0100, Thomas Roessler wrote:

[...]
> * text-mode signatures
[...]
>   - there are incompatibilities between implementations which use
>     text-mode AND leave trailing white space in messages.
>   - thus, clients will need additional code in order to avoid
>     trailing whitespace (e.g., apply quoted-printable).

There is no need to use quoted-printable to avoid trailing whitespace
in this case.  Applications that use text-mode signatures because they
consider trailing whitespace not significant can simply delete such
whitespace.  (Only in cases where you are worried about unauthorized
removal of whitespace but not about unauthorized addition of whitespace,
quoted-printable is required; e.g. "-- " signature separators.)

>   - this will make any clients non-compliant which are using binary
>     mode today.

This is true only if text-mode signatures are made mandatory.  An
alternative is to allow both text-mode and binary signatures, but to
impose restrictions on the data to be signed so that the respective
hashes coincide -- i.e., disallow trailing whitespace unless encoded
such that it is no longer trailing whitespace as far as OpenPGP is
concerned.


> * binary-mode signatures
[...]
>   + clients are interoperable regardless of the back-end version
>     used and regardless of the treatment of trailing whitespace.

The same is true if text-mode signatures are used and senders strictly
avoid trailing whitespace.

[...]
>   - this will make any clients non-compliant which are using text
>     mode today.

Again, this is only true only if binary-mode signatures are made
mandatory.  If both forms are legal, with the restriction the senders
have to avoid trailing unencoded whitespace (but recipients are not
required to strip any trailing whitespace before interpreting the
message), then it is up to the senders to decide if they want to use
binary-mode signatures as a countermeasure against addition of
whitespace in transit or if they think that text-mode signatures
suffice; and clients will still be able to verify signatures in a
single pass.


-- 
Bodo Möller <[EMAIL PROTECTED]>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036