From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/55400 Path: main.gmane.org!not-for-mail From: Simon Josefsson Newsgroups: gmane.emacs.gnus.general Subject: Re: Trailing whitespace and PGP/MIME Date: Wed, 31 Dec 2003 00:52:45 +0100 Sender: ding-owner@lists.math.uh.edu Message-ID: References: NNTP-Posting-Host: deer.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: sea.gmane.org 1072828397 29867 80.91.224.253 (30 Dec 2003 23:53:17 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Tue, 30 Dec 2003 23:53:17 +0000 (UTC) Original-X-From: ding-owner+M3940@lists.math.uh.edu Wed Dec 31 00:53:14 2003 Return-path: Original-Received: from malifon.math.uh.edu ([129.7.128.13]) by deer.gmane.org with esmtp (Exim 3.35 #1 (Debian)) id 1AbTfm-0007NH-00 for ; Wed, 31 Dec 2003 00:53:14 +0100 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu) by malifon.math.uh.edu with smtp (Exim 3.20 #1) id 1AbTfT-00010Y-00; Tue, 30 Dec 2003 17:52:55 -0600 Original-Received: from justine.libertine.org ([66.139.78.221] ident=postfix) by malifon.math.uh.edu with esmtp (Exim 3.20 #1) id 1AbTfO-00010R-00 for ding@lists.math.uh.edu; Tue, 30 Dec 2003 17:52:50 -0600 Original-Received: from yxa.extundo.com (178.230.13.217.in-addr.dgcsystems.net [217.13.230.178]) by justine.libertine.org (Postfix) with ESMTP id 4BFE43A0038 for ; Tue, 30 Dec 2003 17:52:49 -0600 (CST) Original-Received: from latte.josefsson.org (yxa.extundo.com [217.13.230.178]) (authenticated bits=0) by yxa.extundo.com (8.12.10/8.12.10) with ESMTP id hBUNqmAU005284 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for ; Wed, 31 Dec 2003 00:52:48 +0100 Original-To: ding@gnus.org Mail-Copies-To: nobody X-Hashcash: 0:031230:ding@gnus.org:b50b05ffacf18b92 In-Reply-To: (Jesper Harder's message of "Wed, 31 Dec 2003 00:29:06 +0100") User-Agent: Gnus/5.1004 (Gnus v5.10.4) Emacs/21.3.50 (gnu/linux) Precedence: bulk Xref: main.gmane.org gmane.emacs.gnus.general:55400 X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:55400 Jesper Harder writes: > Simon Josefsson writes: > >> Jesper Harder writes: >> >>> It'll fix pgp/mime, but it will also force QP for inline pgp if you >>> use a signature -- which for a lot of people means _always_ -- thus >>> more or less reverting the intention of your previous change. >> >> Ah. Hm. Er. So what IS the right thing? The MUST above is for >> PGP/MIME, yes, but the _reason_ the MUST is there in the document is >> about as valid for plain PGP as it is for PGP/MIME, I think, arguing >> that the obvious approach is the right. > > I'm not sure all the reasons are valid for cleartext signatures. > > In RFC 2440 textmode is used for cleartext signatures. PGP/MIME > allows you to use either a textmode or a binary mode detached > signature. > > I think that's why they need the extra restrictions. Trailing SPC > doesn't matter if you're only using textmode, because it's ignored > when computing the signature. Yes. I believe pre-OpenPGP implementations did not ignore trailing SPC, even in "textmode", though. I think that's one of the reason PGP/MIME require that they shouldn't be present -- so that pre-OpenPGP tools compute the same hash. One alternative would be for Gnus to require an OpenPGP implementation. This would solve some other problems as well, such as QP of dash escaped text for RFC 1991 compatibility. But it would mean dropping support for PGP 2.x, and perhaps some of 5.x/6.x/etc too. I don't particularly care about those, but perhaps some do. Opinions? > | 6.3.115 pgp_create_traditional Interesting, thanks for the reference. >> There are many things on this list now, e.g., non-ASCII, > > Yup, I agree that inline signatures are unsuitable for non-ASCII. However, raw 8-bit with plain PGP can work well. >> trailing unencoded SPC, > > I don't think that's a problem. See above, it might be. >> data that look dash escaped. > > But gpg seems to handle dash-escapes just fine: > > - - See above, RFC 1991 implementation does not understand how to revert dash escaped text. That's why QP encoding could be used for text that might be dash escaped. But that doesn't work if QP isn't already used for other reasons, such as non-ASCII -- reverting to QP just for this seems excessive. > Also, the "PGP sign part" and "PGP encrypt part" commands should > probably be removed, since Gnus itself isn't even able to handle the > result. Yes... ideally they should be fixed to generate inline PGP within MIME parts, which is what most Outlook PGP users appear to generate (and parse).