[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Signatures (was Re: typewriter function for an impact printer?)

On Sun, Feb 24, 2008 at 12:33:14 -0600, Ron Johnson wrote:
> On 02/24/08 09:04, Tony van der Hoff wrote:
> > On 24 Feb at 14:43 Ron Johnson wrote in message <[🔎] 47C1827B.3030604@cox.net>
> >> On 02/24/08 07:03, Tony van der Hoff wrote:

[...]

> >>> Hey Ron, I hope I' not teaching granny to suck eggs, but the standard
> >>> sig-sep is dash-dash-space-newline, so unless you're so proud of your
> >>> sig that you want it quoted back to you...

[...]

> >> Maybe Gemini just isn't up to snuff in handling signed documents.
> > [snip]
> > 
> > Maybe, but it's not had trouble before. I'd raise it with the developer, but
> > I wouldn't know precisely what the complaint would be. 
> > 
> > More likely it's the list server doing something odd.
> > This is the raw source of what I'm receiving:
> > 
> > ->----
> > Maybe Gemini just isn't up to snuff in handling signed documents.
> > 
> > - --
> > Ron Johnson, Jr.
> > Jefferson LA  USA
> > ->----
> > 
> > I don't think the extra dash is a result of signing. But it doesn't bother
> > me to snip a bit when replying to your posts :)
> 
> I think it is a side-effect of signing, because when I look at Reply
> emails that I have *not* signed, they do *not* have the added "^- ".
> 
> So, I'd take one of these emails and show it to the Gemini
> developers.  Who knows, maybe they'll blame it on Tbird not
> following the relevant RFCs...

It seems to me that it is an inherent problem with inline signing:
Google for "pgp dash escaping" or "pgp trailing whitespace" or
something like that.

When I get your messages, I also see the mutilated sig dash "- --" until
I tell mutt to verify your signature. As part of the verification
process the leading "- " is removed, so it appears to be some sort of
escape sequence. I see the same behavior if I save the raw message to
disk and run gpg manually on it. However, this does not restore the
proper signature separator because the trailing space remains missing.

I found that I can add trailing spaces on any line of your message and
it still validates, so there appears to be a convention to strip off
trailing whitespace before checking the validity of the signature. (I
have not read the relevant RFCs, but my guess would be that this is done
to accommodate for the mangling of line endings that might happen with
various MUAs on different operating systems.) This seems to make it
impossible to have the proper dash-dash-space signature delimiter in an
inline-signed message, unless there is a special escape sequence for
that. (If there is indeed one then Thunderbird does not seem to know
anything about it.)

I think this is one of the reasons why inline signatures have been
depreciated for quite a while; why not use PGP/MIME detached signatures
instead?

-- 
Regards,            | http://users.icfo.es/Florian.Kulzer
          Florian   |
Reply to: