Re: armour pierced with PGP 8 arrow

[David Shaw <dshaw@xxxxxxxxxxxxxxx>]

On Thu, Dec 11, 2003 at 12:17:20PM -0500, Ian Grigg wrote:
> 
> Ian Grigg wrote:
> > 
> > Peter Gutmann wrote:
> 
> > > Is it really a line-length issue, or something else like the
> > > presence of the second colon in the line for something that's
> > > scanning for <string>:<string>?
> 
> Peter brought up the issue of the additional
> ": " separators and I opined that the draft
> should be clearer on this issue.
> 
> On reflection, I think it should not be permitted.
> 
> The reason for this is that when you combine
> it with the line slicing behaviour, then some
> games are possible:
> 
> Version: 1.0.0 non-commercial, upgrade to Version: 2.0.0-commercial
> 
> 
> Could result in an embarressing split.  Now, that's a superficial
> and ignorable result, and only presented for the sake of showing
> what might happen.
> 
> I can see no good reason to leave multiple separators as permitted
> in the ID, so I'd suggest adding a simple restriction such as "Only
> one separator is permitted."

I disagree we need to change anything here.  There is already only one
separator permitted.  Using your example:

  Version: 1.0.0 non-commercial, upgrade to Version: 2.0.0-commercial

The second instance of colon-space is NOT a separator.  It's just part
of the value.

This isn't very complicated.  I'd be quite surprised to hear of any
parser that didn't do:

a) Find the leftmost colon-space.
b) The string to the left is the key.
c) The string to the right is the value.

That's how email works (note the subject line of this message has two
colons!), how news works, and how OpenPGP works.

David