Re: Cleartext Signatures

[Ben Laurie <ben@xxxxxxxxxxxxx>]

David Shaw wrote:
> On Mon, Oct 10, 2005 at 06:58:03PM +0100, Ben Laurie wrote:
>
> > Daniel A. Nagy wrote:
> >
> > > On Mon, Oct 10, 2005 at 03:30:29PM +0100, Ben Laurie wrote:
> > >
> > >
> > >
> > > > That mantra has shown to be a less than great idea recently, since it 
> > > > promotes interestingly obscure security holes, so I still would like to 
> > > > know what the correct behaviour is, and I'd like the I-D to accurately 
> > > > document that behaviour.
> > >
> > >
> > > In that case, the empty line should be mandated,
> >
> > I agree.
>
>
> As do I, but it seems to me that it is already mandated.  Section 6.2
> (Forming ASCII Armor) mandates the line.  Section 7 (Cleartext
> signature framework) refers to "The ASCII armored signature(s)".
> Doesn't it them follow that the armored signature (like all armor)
> mandates the line?  Am I reading into something that isn't there?

I guess careful reading supports this, but the fact that it explicitly 
mentions Header and Tail Lines but _not_ the headers is confusing.

Also, it seems quite a few implementations miss them out, so I'm not the 
only confused one.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff