Email authentication??

Florian Weimer
24 Jan 2000 15:43:30 +0100

Werner Koch <> writes:

> On Mon, 24 Jan 2000, Florian Weimer wrote:
> > OpenPGP doesn't specify what to do with U+2028 (LINE SEPARATOR) and
> > U+2029 (PARAGRAPH SEPARATOR). Shall an implementation convert them to
> > CRLF or not?
> It does. When speaking about CR or LF is does mean the codes 0x0d
> and 0x0a. Codes > 0x7f are not used in OpenPGP. How you encode the
> message is not subject to OpenPGP and for user IDs and other strings
> used within OpenPGP packets UTF-8 encoding is required.
What about signatures of plain text documents encoded in UTF-8? (This is, of course, not related to MIME-PGP messages, because RFC 2015 ensures that the message is encoded in pure ASCII before the signature is calculated, as you explained.) RFC 2440, 5.2.1:
| 0x01: Signature of a canonical text document.
| Typically, this means the signer owns it, created it, or
| certifies that it has not been modified. The signature is
| calculated over the text data with its line endings converted
| to <CR><LF> and trailing blanks removed.
If I interpret RFC 2440 correctly, the text document can be encoded via UTF-8, and the term `line ending' is a bit ambiguous in this context: Does it include U+2028 or not? (The common interpretation seems to be that it doesn't, though.) -- Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE RUS-CERT, Univ. Stuttgart