[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PGP/MIME: encoding restrictions.



On Sun, 16 Jul 2000, Thomas Roessler <roessler@does-not-exist.org>
wrote:
>On 2000-05-11 09:44:28 +0100, Ian Bell wrote:
>
>> Should the issue of binary versus text-mode signatures
>> be addressed?
>
>It should, and I believe the following would be the most
>robust solution:
>
>(1) require clients to create text mode signatures
>(2) require clients to use either quoted-printable or
>    base64 for any body parts which contain trailing
>    whitespace.
>
>Note that this seems to be what most clients do anyway at
>present.

[snip rationale]

This also satisfies the design objective of RFC1847 for single-pass
processing of the hashes (whether or not there are clients that rely on
that) without inventing new parameters.

I would suggest:
        clients MUST create text mode signature
though  clients MAY verify binary-mode signatures

However, I'm not so sure about (2). At most:

        clients SHOULD use qp or base64 whenever there is significant
        white space (i.e. _not_ MUST).

The cost of not using qp is that trailing whitespace is not protected,
but if clients have "good" reasons for not using qp they should be
allowed to consider that option.

For example, in draft-ietf-usefor-article-02 (USEFOR) it says "Posting
agents SHOULD NOT use the encoding method quoted-printable". Since
USEFOR articles will usually contain trailing whitespace (personal
signatures MUST be delimited by "-- "), clients will be unable to post
RFC2015bis articles to UseNet without breaking one RFC or another.

-- 
Ian Bell                                           T U R N P I K E  Ltd