Email authentication??
Florian Weimer
Florian.Weimer@rus.uni-stuttgart.de
24 Jan 2000 15:43:30 +0100
Werner Koch <wk@gnupg.org> writes:
> On Mon, 24 Jan 2000, Florian Weimer wrote:
>
> > OpenPGP doesn't specify what to do with U+2028 (LINE SEPARATOR) and
> > U+2029 (PARAGRAPH SEPARATOR). Shall an implementation convert them to
> > CRLF or not?
>
> It does. When speaking about CR or LF is does mean the codes 0x0d
> and 0x0a. Codes > 0x7f are not used in OpenPGP. How you encode the
> message is not subject to OpenPGP and for user IDs and other strings
> used within OpenPGP packets UTF-8 encoding is required.
What about signatures of plain text documents encoded in UTF-8? (This
is, of course, not related to MIME-PGP messages, because RFC 2015
ensures that the message is encoded in pure ASCII before the signature
is calculated, as you explained.)
RFC 2440, 5.2.1:
| 0x01: Signature of a canonical text document.
| Typically, this means the signer owns it, created it, or
| certifies that it has not been modified. The signature is
| calculated over the text data with its line endings converted
| to <CR><LF> and trailing blanks removed.
If I interpret RFC 2440 correctly, the text document can be encoded
via UTF-8, and the term `line ending' is a bit ambiguous in this
context: Does it include U+2028 or not? (The common interpretation
seems to be that it doesn't, though.)
--
Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
RUS-CERT, Univ. Stuttgart http://cert.uni-stuttgart.de/