From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/22698
Path: main.gmane.org!not-for-mail
From: jari.aalto@poboxes.com (Jari Aalto+list.ding)
Newsgroups: gmane.emacs.gnus.general
Subject: Re: Once again: PGnus & PGP
Date: 21 Apr 1999 14:32:45 +0300
Sender: owner-ding@hpc.uh.edu
Message-ID: <tbg15u43aa.fsf@blue.sea.net>
References: <m3iub5miq8.fsf@peorth.gweep.net> <m3d81cpr9g.fsf@duchess.3b2.org> <19990411101448.A523@psyche.clear.net.nz> <m31zhqpo74.fsf@duchess.3b2.org> <871zhq5msx.fsf@psyche.evansnet> <m3r9ppon3j.fsf@duchess.3b2.org> <87u2ul4o5e.fsf@psyche.evansnet> <m3aewdob9e.fsf@duchess.3b2.org> <m1baewdshlg.fsf@blackbird.mitre.org> <m37lrho9ga.fsf@duchess.3b2.org> <19990412230326.A23570@diabolo.ndh.net> <m3hfqlv1mb.fsf@peorth.gweep.net> <tbogkjd0ry.fsf@blue.sea.net> <m3pv4z5s21.fsf@peorth.gweep.net> <87so9vf30e.fsf@pc-hrvoje.srce.hr> <m3emleete2.fsf@peorth.gweep.net> <vafso9ue8xk.fsf@ramses.cs.uni-dortmund.de>
NNTP-Posting-Host: coloc-standby.netfonds.no
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: main.gmane.org 1035160571 30715 80.91.224.250 (21 Oct 2002 00:36:11 GMT)
X-Complaints-To: usenet@main.gmane.org
NNTP-Posting-Date: Mon, 21 Oct 2002 00:36:11 +0000 (UTC)
Keywords: x-pgp,whitespace,pgp,signing,signed,problem,message,body
Return-Path: <owner-ding@hpc.uh.edu>
Original-Received: from farabi.math.uh.edu (farabi.math.uh.edu [129.7.128.57])
	by sclp3.sclp.com (8.8.5/8.8.5) with ESMTP id HAA05326
	for <jason@mailhost.sclp.com>; Wed, 21 Apr 1999 07:37:51 -0400 (EDT)
Original-Received: from sina.hpc.uh.edu (lists@Sina.HPC.UH.EDU [129.7.3.5])
	by farabi.math.uh.edu (8.9.1/8.9.1) with ESMTP id GAB08374;
	Wed, 21 Apr 1999 06:33:43 -0500 (CDT)
Original-Received: by sina.hpc.uh.edu (TLB v0.09a (1.20 tibbs 1996/10/09 22:03:07)); Wed, 21 Apr 1999 06:34:02 -0500 (CDT)
Original-Received: from sclp3.sclp.com (root@sclp3.sclp.com [204.252.123.139]) by sina.hpc.uh.edu (8.7.3/8.7.3) with ESMTP id GAA12064 for <ding@hpc.uh.edu>; Wed, 21 Apr 1999 06:33:51 -0500 (CDT)
Original-Received: from axl01it.ntc.nokia.com (axl01it.ntc.nokia.com [131.228.118.232])
	by sclp3.sclp.com (8.8.5/8.8.5) with ESMTP id HAA05310
	for <ding@gnus.org>; Wed, 21 Apr 1999 07:33:40 -0400 (EDT)
Original-Received: from zeus.ntc.nokia.com (zeus.ntc.nokia.com [131.228.134.50]) by axl01it.ntc.nokia.com (8.8.5/8.6.9) with SMTP id OAA20271 for <ding@gnus.org>; Wed, 21 Apr 1999 14:31:53 +0300 (EET DST)
Original-Received: from tre.ntc.nokia.com (styx.ntc.nokia.com [131.228.169.57]) by zeus.ntc.nokia.com (8.6.4/8.6.4) with ESMTP id OAA28883 for <ding@gnus.org>; Wed, 21 Apr 1999 14:44:41 +0300
Original-Received: by tre.ntc.nokia.com
	(1.39.111.2/16.2) id AA078054365; Wed, 21 Apr 1999 14:32:45 +0300
Original-To: Ding mailing list <ding@gnus.org>
X-Sender-Info: Emacs tiny tools: ftp://cs.uta.fi/pub/ssjaaa/
  File server: Send subject 'send help' to <jari.aalto@poboxes.com>
  PGP 2.6.x keyid 47141D35 http://www.pgp.net/pgpnet/
In-Reply-To: Kai.Grossjohann@CS.Uni-Dortmund.DE's message of "21 Apr 1999 09:20:39 +0200"
Original-Lines: 44
User-Agent: Gnus/5.07008 (Pterodactyl Gnus v0.80) Emacs/20.3
Precedence: list
X-Majordomo: 1.94.jlt7
Xref: main.gmane.org gmane.emacs.gnus.general:22698
X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:22698

* 1999-04-21 Kai.Grossjohann@CS.Uni-Dortmund.DE list.ding
* Message-Id: <vafso9ue8xk.fsf@ramses.cs.uni-dortmund.de>
| Stainless Steel Rat <ratinox@peorth.gweep.net> writes:
| 
|   > Many mail and news systems will append whitespace to messages.  Some strip
|   > whitespace.  To compensate, following the lead set by the PEM format
|   > standard, PGP marks signed areas with delimiters.  Thus, if a message has
|   > whitespace appended or removed, it will not affect the signed area.
|   > 
|   > X-Pgp removes those delimiters.
| 
| IMHO, X-Pgp could be improved by specifying that trailing whitespace
| should be removed before signing or verifying the signature.  This is
| a kludge, but it might work, might it not?


Uhm. I hate to repeat this all over again. 

When I wrote the X-pgp specification it addressed excatly this problem. The
mesasge were SMF'd (Stripped message formatted), ie. there was strict rules
how to guarrantee whitespace stripping/adding BEFORE signing and
the same was done in the receiving end by doing exactly the same SMF.

Rat dind't understood (maybe he dind't review the spec) that the white
spaces never affected the X-pgp specification I put formally on paper. I
used X-pgp for years without any problems on verifying the message.

The problem was with mailing lists that WENT and modified the body by
adding text to the beginning oe end of the body. In this respect the 
only reliable way is to use those PGP delimiter TAGS. In newsgrousp it was
never a problem and you will find many of my X-pgp signed messages posted
in gnu group somewhere 1995-1997. I bet they still can be verified today
acconding to X-pgp spec.

As long as the only change in body concerned whitespaces, it was as 
robust as regular pgp signing.

Anyway, The X-pgp was an interim solution when we all waited for
MIME to be widely recognized. I've been long disabled the feature
from TinyPgp in favour of PGP/MIME, so let's drop pointing to X-pgp,
shall we?

jari