[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cleartext Signatures

To: OpenPGP <ietf-openpgp@xxxxxxx>
Subject: Re: Cleartext Signatures
From: nagydani@xxxxxxxxxxxxxxxx (Daniel A. Nagy)
Date: Mon, 10 Oct 2005 18:20:36 +0200
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx
User-agent: Mutt/1.5.6+20040907i

On Mon, Oct 10, 2005 at 03:30:29PM +0100, Ben Laurie wrote:

> That mantra has shown to be a less than great idea recently, since it 
> promotes interestingly obscure security holes, so I still would like to 
> know what the correct behaviour is, and I'd like the I-D to accurately 
> document that behaviour.

In that case, the empty line should be mandated, although distinguishing
between header data and base64 armor is quite straightforward and
unambiguous: headers always have colons in them, base64 armor never does.
Thus, it should be impossible to derail a correct parser with a carefully
constructed header, though of course, it's easier to write the parser if one
assumes an empty line before the base64 data.

-- 
Daniel

Follow-Ups:
- Re: Cleartext Signatures
  - From: Ben Laurie

Prev by Date: Re: Cleartext Signatures
Next by Date: Re: Cleartext Signatures
Previous by thread: Re: Cleartext Signatures
Next by thread: Re: Cleartext Signatures
Index(es):
- Date
- Thread