[fwd] Re: PGP/MIME implementors: text mode vs. binary mode? (from: hal@finney.org)

Werner Koch wk at gnupg.org
Wed Feb 14 22:18:13 CET 2001


you might be interested in this:

----- Forwarded message from hal at finney.org -----

Date: Tue, 13 Feb 2001 15:59:37 -0800
From: hal at finney.org
To: roessler at does-not-exist.org, warlord at mit.edu
Cc: hal at finney.org, ietf-openpgp at imc.org
Subject: Re: PGP/MIME implementors: text mode vs. binary mode?

Isn't the real, operational issue here a question of whether trailing
white space should be hashed?  The choices are to say yes, or no, or it
depends on the type byte in the signature.

I can't help thinking that the distinction between text and binary mode
is not that useful in solving this problem.  Let's not get hung up on
the specification incompatibility between PGP 2.X and OpenPGP.

The real question is whether to hash trailing whitespace or not.  One way
to help decide this is to look at how existing implementations do it.

I can tell you that on message receipt, the commercial versions of PGP
from Network Associates DO hash trailing whitespace on PGP/MIME messages.
That is, they are sensitive to the presence of trailing whitespace and
it is included in the hash.  This is true regardless of whether the
signature type byte is text or binary mode.  That may or may not be
compatible with the spec but that is how these versions work.


----- End forwarded message -----

Now I understand a whole bunch of bug reports relating PGP 5.
Why care about standards, %$%^$^&.


Werner Koch                                              <wk at gnupg.org>
GNU Privacy Guard                                (http://www.gnupg.org)
Free Software Foundation Europe              (http://www.fsfeurope.org)
           [Please see X-* mail header for OpenPGP key info]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 241 bytes
Desc: not available
Url : /pipermail/attachments/20010214/6c236bd2/attachment.bin

More information about the Gnupg-devel mailing list