
PGP/MIME: encoding restrictions.



On 2000-05-11 09:44:28 +0100, Ian Bell wrote:

> Should the issue of binary versus text-mode signatures
> be addressed?

It should, and I believe the following would be the most
robust solution:

(1) require clients to create text mode signatures
(2) require clients to use either quoted-printable or
    base64 for any body parts which contain trailing
    whitespace.

Note that this seems to be what most clients do anyway at
present.

Rationale: MIME has been carefully designed in a way which
makes sure that all essential information makes it through
gateways which tamper with trailing whitespace.  Thus, we
should make sure that PGP/MIME signed messages don't lose
any information on such paths, either.

Not losing any information in the signed body is
guaranteed by the use of qp/base64, whenever trailing
whitespace is present.

Not unnecessarily invalidating signatures is guaranteed by
the use of text-mode signatures, since these signatures
will ignore any trailing whitespace.  Note that this
trailing whitespace must be ignored by standard-conforming
decoders for qp/base64, too, and doesn't carry any meaning
in RFC822 (think about message/rfc822 attachments) or MIME
headers, so signature verification will fail if and only
if actual content has been modified.

Binary-mode signatures would also be invalidated if
trailing whitespace is tampered with, even though it
doesn't carry any meaning to the MIME encoding used.

Comments?

-- 
Thomas Roessler              <roessler@does-not-exist.org>
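
The trade-off described in the message above, as an added example that is not part of the original post. SHA-256 over the wire bytes stands in for the signature digest (this is not an OpenPGP implementation), and the two gateway models, the sample body and all function names are constructed for illustration.

```python
import hashlib
import quopri

CRLF = b"\r\n"
# Constructed sample body: the "-- " signature separator and a stray tab
# both end their lines with whitespace.
CONTENT = b"Regards,\r\n-- \r\nAlice\t\r\n"

def strip_gateway(wire):
    """Constructed gateway model: deletes trailing spaces/tabs on every line."""
    return CRLF.join(line.rstrip(b" \t") for line in wire.split(CRLF))

def pad_gateway(wire):
    """Constructed gateway model: appends a space to every non-empty line."""
    return CRLF.join(line + b" " if line else line for line in wire.split(CRLF))

def text_digest(wire):
    """Stand-in for a text-mode signature: trailing whitespace is not hashed."""
    return hashlib.sha256(strip_gateway(wire)).hexdigest()

def binary_digest(wire):
    """Stand-in for a binary-mode signature: every byte is hashed."""
    return hashlib.sha256(wire).hexdigest()

def identity(data):
    """7bit transfer: the content goes on the wire unchanged."""
    return data

def qp_encode(content):
    return quopri.encodestring(content)  # trailing blanks become =20 / =09

def qp_decode(wire):
    # Trailing blanks on an encoded line can only come from transport: drop them.
    return quopri.decodestring(strip_gateway(wire))

def transit(encode, decode, gateway, content=CONTENT):
    """Send content through a gateway and report what survived."""
    sent = encode(content)
    received = gateway(sent)
    return {
        "text_sig_ok": text_digest(sent) == text_digest(received),
        "binary_sig_ok": binary_digest(sent) == binary_digest(received),
        "content_intact": decode(received) == content,
    }

if __name__ == "__main__":
    print("7bit, strip:", transit(identity, identity, strip_gateway))
    print("qp,   strip:", transit(qp_encode, qp_decode, strip_gateway))
    print("qp,   pad:  ", transit(qp_encode, qp_decode, pad_gateway))
```

Only the quoted-printable body checked with the whitespace-insensitive digest keeps both the signature check and the content intact under both gateway models.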