TAB at EOL (GPG and PGP interoperability)

David Shaw dshaw@jabberwocky.com
Fri Jan 10 00:44:02 2003


On Thu, Jan 09, 2003 at 03:09:02PM -0800, vedaal@hush.com wrote:

> >On Thu, Jan 09, 2003 at 12:02:04PM -0800, Knut Forkalsrud wrote:
> > I'm using GPG version 1.2.1 and some files signed using PGP 7.0.4 have
> > caused problems. It turns out that the problem files have trailing
> > TAB characters on some lines. All PGP versions I have tried can
> > verify the signature easily, but GPG insists it's a BAD signature. 
> ..
> >This is a bug in PGP. The OpenPGP standard dictates that "...any
> >trailing whitespace (spaces, and tabs, 0x09) at the end of any line is
> >ignored when the cleartext signature is calculated." PGP only ignores
> >spaces and includes tabs.
> 
> is it a 'bug' or a 'feature' ?  ;^)
> 
> it is sort-of improbable that the files Kurt was referring to just had
> 'tabs' added onto the end .
> 
> it is more likely that some of the plaintext was arranged in columns like:
> 'character'TAB'character'TAB'...'character'TAB'character'
> 
> and then, after pgp 'wrapping'(or e-mail wrapping), the character at
> the end of the line, got transferred to the beginning of the next
> line, leaving a TAB to end the line, but not as intentional trailing
> space

This is not what happened.  If you modify GnuPG to have the same bug,
the file verifies properly.

In any event, it doesn't matter how it got that way.  If the line ends
on a tab, the tab must be ignored.  Period.  It's not realistic for
the receiving program to try and unmangle a signed file by guessing the
countless different ways the sender could have broken it.  The fix is
for the sender to do it right in the first place.  That's why we have
standards.  Even so, GnuPG looks for and can detect this bug in some
cases, but not in this particular case.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
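
The mismatch discussed in this thread, as an added example (not part of the original message, and not GnuPG or PGP code): two canonicalizers, one stripping trailing spaces and tabs as the quoted standard text requires, one stripping only spaces as the message says PGP does, with a helper that lists the lines where they disagree. The function names, the constructed sample text, and the use of SHA-256 over the canonical text alone are assumptions for illustration; a real cleartext signature hashes more than this.

```python
import hashlib


def _lines(text):
    # Split on LF only (tolerating CRLF input) so no other character
    # is silently treated as a line break.
    return text.replace("\r\n", "\n").split("\n")


def canon_standard(text):
    """Strip trailing spaces and tabs from each line, join with CRLF."""
    return "\r\n".join(line.rstrip(" \t") for line in _lines(text))


def canon_spaces_only(text):
    """Model of the behaviour the message attributes to PGP:
    trailing spaces are stripped, trailing tabs are kept."""
    return "\r\n".join(line.rstrip(" ") for line in _lines(text))


def digest(canonical_text):
    # Stand-in for the hash a signature would cover (assumption: SHA-256,
    # text only, no signature trailer).
    return hashlib.sha256(canonical_text.encode("utf-8")).hexdigest()


def divergent_lines(text):
    """1-based numbers of lines where the two rules yield different bytes,
    i.e. lines that make signer and verifier hash different data."""
    return [n for n, line in enumerate(_lines(text), 1)
            if line.rstrip(" \t") != line.rstrip(" ")]


# Constructed sample: line 1 ends in a tab, line 2 in spaces,
# line 3 in a tab followed by a space, line 4 has no trailing whitespace.
SAMPLE = ("col1\tcol2\t\n"
          "plain line   \n"
          "ends with tab then space\t \n"
          "no trailing whitespace")

if __name__ == "__main__":
    print("lines that break interoperability:", divergent_lines(SAMPLE))
    print("standard   :", digest(canon_standard(SAMPLE)))
    print("spaces-only:", digest(canon_spaces_only(SAMPLE)))
```

Running `divergent_lines` over a file before signing shows whether it contains lines that the two implementations would hash differently.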