From owner-ietf-openpgp@mail.imc.org Mon Feb 2 21:43:44 2004 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA01655 for ; Mon, 2 Feb 2004 21:43:43 -0500 (EST) Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i132OEox060837; Mon, 2 Feb 2004 18:24:14 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i132OEed060836; Mon, 2 Feb 2004 18:24:14 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from slc-exch-1.forumsys.com (67.107.202.130.ptr.us.xo.net [67.107.202.130]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i132OBgt060803 for ; Mon, 2 Feb 2004 18:24:12 -0800 (PST) (envelope-from hmujtaba@forumsys.com) Received: from bstn-exch1.forumsys.com ([10.5.2.12]) by slc-exch-1.forumsys.com with Microsoft SMTPSVC(5.0.2195.6713); Mon, 2 Feb 2004 19:24:04 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: SubKey expiration Date: Mon, 2 Feb 2004 21:23:57 -0500 Message-ID: <4DCE15B9C4E66F4CA967EBF64C53D64D015714@bstn-exch1.forumsys.com> Thread-Topic: SubKey expiration Thread-Index: AcPp/FI4t7SwIrRXSgi0tLIZ56jF5A== From: "Hasnain Mujtaba" To: X-OriginalArrivalTime: 03 Feb 2004 02:24:05.0013 (UTC) FILETIME=[CB680C50:01C3E9FC] Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id i132ODgt060830 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Content-Transfer-Encoding: 8bit Hi all, When does a OpenPGP V4 subkey expire? Is it when the subkey "signature expiration time" arrives or when the subkey "key expiration time" arrives. What is the need for having two expiration signature subpackets: Key expiration time and Signature expiration time. Which of these do we read if we want to know the date when the subkey expires? If the signature on the subkey has expired then the key is useless and the value of the the Key expiration time subpacket should not matter and vice versa, i.e, if the the key expiration time is reached before the signature expiration time then the key has expired. So, whichever of the two validity dates arrives first, can't we expire the key based on that? Is this the reasoning correct? Regards, Hasnain. From owner-ietf-openpgp@mail.imc.org Tue Feb 3 05:16:29 2004 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA00618 for ; Tue, 3 Feb 2004 05:16:29 -0500 (EST) Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i139iDSg054315; Tue, 3 Feb 2004 01:44:13 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i139iDHL054313; Tue, 3 Feb 2004 01:44:13 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i139iA9F054265 for ; Tue, 3 Feb 2004 01:44:10 -0800 (PST) (envelope-from wk@gnupg.org) Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 3.35 #1 (Debian)) id 1Anx6e-0007f8-00 for ; Tue, 03 Feb 2004 10:44:32 +0100 Received: from wk by alberti.g10code.de with local (Exim 3.36 #1 (Debian)) id 1Anx2v-0001G3-00; Tue, 03 Feb 2004 10:40:41 +0100 To: "Hasnain Mujtaba" Cc: Subject: Re: SubKey expiration References: <4DCE15B9C4E66F4CA967EBF64C53D64D015714@bstn-exch1.forumsys.com> From: Werner Koch Organisation: g10 Code GmbH X-Request-PGP: finger:wk@g10code.com X-PGP-KeyID: 621CC013 Date: Tue, 03 Feb 2004 10:40:40 +0100 In-Reply-To: <4DCE15B9C4E66F4CA967EBF64C53D64D015714@bstn-exch1.forumsys.com> (Hasnain Mujtaba's message of "Mon, 2 Feb 2004 21:23:57 -0500") Message-ID: <878yjkqz53.fsf@alberti.g10code.de> User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/20.7 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: On Mon, 2 Feb 2004 21:23:57 -0500, Hasnain Mujtaba said: > So, whichever of the two validity dates arrives first, can't we expire > the key based on that? If the key binding signature has expired, there is no valid binding signature anymore and thus there is no usable subkey anymore. The subkey did not expire but the effect is the same. Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From owner-ietf-openpgp@mail.imc.org Tue Feb 3 08:58:39 2004 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA08818 for ; Tue, 3 Feb 2004 08:58:39 -0500 (EST) Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i13DV2w7082065; Tue, 3 Feb 2004 05:31:02 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i13DV25V082064; Tue, 3 Feb 2004 05:31:02 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from foobar.cs.jhu.edu (foobar.cs.jhu.edu [128.220.13.173]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i13DV1D3082058 for ; Tue, 3 Feb 2004 05:31:01 -0800 (PST) (envelope-from dshaw@jabberwocky.com) Received: from claude.jabberwocky.com (walrus.ne.client2.attbi.com [24.60.132.70]) by foobar.cs.jhu.edu (8.11.6/8.11.6) with ESMTP id i13DV2S06049 for ; Tue, 3 Feb 2004 08:31:02 -0500 Received: (from dshaw@localhost) by claude.jabberwocky.com (8.11.6/8.11.6) id i13DSeX27504 for ietf-openpgp@imc.org; Tue, 3 Feb 2004 08:28:40 -0500 Date: Tue, 3 Feb 2004 08:28:40 -0500 From: David Shaw To: ietf-openpgp@imc.org Subject: Re: SubKey expiration Message-ID: <20040203132840.GF20644@jabberwocky.com> Mail-Followup-To: ietf-openpgp@imc.org References: <4DCE15B9C4E66F4CA967EBF64C53D64D015714@bstn-exch1.forumsys.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4DCE15B9C4E66F4CA967EBF64C53D64D015714@bstn-exch1.forumsys.com> X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560 X-Request-PGP: http://www.jabberwocky.com/david/keys.asc X-Phase-Of-Moon: The Moon is Waxing Gibbous (89% of Full) User-Agent: Mutt/1.5.6i Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: On Mon, Feb 02, 2004 at 09:23:57PM -0500, Hasnain Mujtaba wrote: > What is the need for having two expiration signature subpackets: Key > expiration time and Signature expiration time. Which of these do we > read if we want to know the date when the subkey expires? If the > signature on the subkey has expired then the key is useless and the > value of the the Key expiration time subpacket should not matter and > vice versa, i.e, if the the key expiration time is reached before > the signature expiration time then the key has expired. The subpacket "language" is rich and allows you to express things that don't necessarily make sense in all contexts. In the case of subkeys, if you have a self-signature that expires, it is as if the subkey has no self-signature, and is thus an invalid subkey. If you have a self-signature that has a key expiration subpacket, and the specified time has elapsed, then the subkey is expired. > So, whichever of the two validity dates arrives first, can't we > expire the key based on that? For most purposes, yes. Though an invalid subkey (expired self-signature) and an expired subkey (valid self-signature with a key expiration subpacket) are not the same thing, either one results in a subkey that should not be used. Nevertheless, if you are generating a subkey that expires, use the key expiration subpacket. That's what it is there for. David From owner-ietf-openpgp@mail.imc.org Wed Feb 4 09:59:32 2004 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA08329 for ; Wed, 4 Feb 2004 09:59:31 -0500 (EST) Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i14ESoPN054703; Wed, 4 Feb 2004 06:28:50 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i14ESowj054702; Wed, 4 Feb 2004 06:28:50 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from smtp.cs.auckland.ac.nz (smtp.cs.auckland.ac.nz [130.216.33.151]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i14ESjvH054689 for ; Wed, 4 Feb 2004 06:28:48 -0800 (PST) (envelope-from pgut001@cs.auckland.ac.nz) Received: from cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33]) by smtp.cs.auckland.ac.nz (Postfix) with ESMTP id B89873404E; Thu, 5 Feb 2004 03:27:37 +1300 (NZDT) Received: (from pgut001@localhost) by cs.auckland.ac.nz (8.11.6/8.11.6) id i14EShf15869; Thu, 5 Feb 2004 03:28:43 +1300 Date: Thu, 5 Feb 2004 03:28:43 +1300 Message-Id: <200402041428.i14EShf15869@cs.auckland.ac.nz> From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: ietf-openpgp@imc.org, jas@extundo.com Subject: Re: Trust Packets Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Simon Josefsson writes: >pgut001@cs.auckland.ac.nz (Peter Gutmann) writes: >> I've thought about this a bit in the past (I use databases to store >> other types of keys) but because of the free-form association of >> different bits and pieces of keys with identifying information I >> can't think of any easy way to do it unless you use a multi-level >> lookup. That is, you can't do a: >> >> SELECT key FROM table WHERE email = foo >> >> because there could be an arbitrary number of email addresses attached to a >> key, and there could be an arbitrary number of keys associated with an email >> address. So you need something like: >> >> SELECT keyID FROM indexTable WHERE email = foo >> SELECT key FROM sigKeyTable WHERE keyID = foo >> >> which isn't very efficient (multiple tables, multi-level lookups, etc etc). > >Have you tried this and found that performance is the most performance >critical area? I hadn't really checked it, because the code could end up plugged into almost any database type (via ODBC) on any kind of system, I wasn't sure that results for one particular environment would be terribly useful. For example if you can tell the back-end (via SQL hinting) to use a hashed index held in RAM it'd be pretty quick. If you end up with a linear scan on disk, it'd be pretty awful. >(The database contained the equivalent of ~2GB PGP keyrings worth of data, >although the machine had enough memory to store the entire database in RAM.) Yeah, well that would help a bit :-). Peter. From owner-ietf-openpgp@mail.imc.org Wed Feb 4 11:11:46 2004 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA12510 for ; Wed, 4 Feb 2004 11:11:46 -0500 (EST) Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i14Fmo0q060665; Wed, 4 Feb 2004 07:48:50 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i14FmoPt060663; Wed, 4 Feb 2004 07:48:50 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from yxa.extundo.com (178.230.13.217.in-addr.dgcsystems.net [217.13.230.178]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i14FmjjD060656 for ; Wed, 4 Feb 2004 07:48:49 -0800 (PST) (envelope-from jas@extundo.com) Received: from latte.josefsson.org (yxa.extundo.com [217.13.230.178]) (authenticated bits=0) by yxa.extundo.com (8.12.10/8.12.10) with ESMTP id i14FmhMe016694 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Wed, 4 Feb 2004 16:48:44 +0100 To: pgut001@cs.auckland.ac.nz (Peter Gutmann) Cc: ietf-openpgp@imc.org Subject: Re: Trust Packets References: <200402041428.i14EShf15869@cs.auckland.ac.nz> From: Simon Josefsson X-Hashcash: 0:040204:pgut001@cs.auckland.ac.nz:8b56e117238d4c8d X-Hashcash: 0:040204:ietf-openpgp@imc.org:57decbed521a0bb1 Date: Wed, 04 Feb 2004 16:48:42 +0100 In-Reply-To: <200402041428.i14EShf15869@cs.auckland.ac.nz> (Peter Gutmann's message of "Thu, 5 Feb 2004 03:28:43 +1300") Message-ID: User-Agent: Gnus/5.110002 (No Gnus v0.2) Emacs/21.3.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: pgut001@cs.auckland.ac.nz (Peter Gutmann) writes: >>(The database contained the equivalent of ~2GB PGP keyrings worth of data, >>although the machine had enough memory to store the entire database in RAM.) > > Yeah, well that would help a bit :-). I guess. But it was the largest OpenPGP key database I could find; a snapshot of the key ring from some global PGP key database (100 ~22GB files, dated from 2002 or so -- if this sounds like it might have been truncated I'd appreciate being informed). So even if I agree the database is small by todays RAM size standards, I don't believe it was a toy database, so the data point can't be that irrelevant. And I'd also imagine someone building a serious production server have more memory in their servers than a modern desktop PC like mine. (For reference, my database was PostgreSQL, I didn't apply any performance tweaks.) What we need is a way to embed those MPEG files in OpenPGP keys. :-) Regards, Simon From owner-ietf-openpgp@mail.imc.org Thu Feb 5 11:51:55 2004 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA23647 for ; Thu, 5 Feb 2004 11:51:55 -0500 (EST) Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i15GS8lE030547; Thu, 5 Feb 2004 08:28:08 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i15GS85j030546; Thu, 5 Feb 2004 08:28:08 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from foobar.cs.jhu.edu (foobar.cs.jhu.edu [128.220.13.173]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i15GS7SC030539 for ; Thu, 5 Feb 2004 08:28:07 -0800 (PST) (envelope-from dshaw@jabberwocky.com) Received: from claude.jabberwocky.com (walrus.ne.client2.attbi.com [24.60.132.70]) by foobar.cs.jhu.edu (8.11.6/8.11.6) with ESMTP id i15GSAS15244 for ; Thu, 5 Feb 2004 11:28:15 -0500 Received: (from dshaw@localhost) by claude.jabberwocky.com (8.11.6/8.11.6) id i15GPa827070 for ietf-openpgp@imc.org; Thu, 5 Feb 2004 11:25:36 -0500 Date: Thu, 5 Feb 2004 11:25:36 -0500 From: David Shaw To: ietf-openpgp@imc.org Subject: Re: Trust Packets Message-ID: <20040205162536.GA27038@jabberwocky.com> Mail-Followup-To: ietf-openpgp@imc.org References: <200402041428.i14EShf15869@cs.auckland.ac.nz> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560 X-Request-PGP: http://www.jabberwocky.com/david/keys.asc X-Phase-Of-Moon: The Moon is Waxing Gibbous (99% of Full) User-Agent: Mutt/1.5.6i Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: On Wed, Feb 04, 2004 at 04:48:42PM +0100, Simon Josefsson wrote: > What we need is a way to embed those MPEG files in OpenPGP keys. :-) I can just see it: a "movie" attribute. "Hi! I'm David, and my fingerprint is...." David From owner-ietf-openpgp@mail.imc.org Thu Feb 5 13:02:48 2004 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA26170 for ; Thu, 5 Feb 2004 13:02:47 -0500 (EST) Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i15Hc8L6036284; Thu, 5 Feb 2004 09:38:08 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i15Hc82G036283; Thu, 5 Feb 2004 09:38:08 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from smtp3.hushmail.com (smtp3.hushmail.com [65.39.178.135]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i15Hc7x9036275 for ; Thu, 5 Feb 2004 09:38:07 -0800 (PST) (envelope-from vedaal@hush.com) Received: from mailserver3.hushmail.com (mailserver3.hushmail.com [65.39.178.45]) by smtp3.hushmail.com (Postfix) with ESMTP id A0B0A10E608 for ; Thu, 5 Feb 2004 09:38:16 -0800 (PST) Received: (from nobody@localhost) by mailserver3.hushmail.com (8.12.8p1/8.12.8/Submit) id i15HZNWZ000626 for ietf-openpgp@imc.org; Thu, 5 Feb 2004 09:35:23 -0800 (PST) Message-Id: <200402051735.i15HZNWZ000626@mailserver3.hushmail.com> Date: Thu, 5 Feb 2004 09:35:23 -0800 To: ietf-openpgp@imc.org Subject: Re: Trust Packets From: Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: On Thu, 05 Feb 2004 08:25:36 -0800 David Shaw wrote: > >On Wed, Feb 04, 2004 at 04:48:42PM +0100, Simon Josefsson wrote: > >> What we need is a way to embed those MPEG files in OpenPGP keys. >:-) > >I can just see it: a "movie" attribute. "Hi! I'm David, and my >fingerprint is...." and then stego a symmetrically encrypted file of the secret key, passphrase, and revocation certificate right into it ;-) vedaal Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Promote security and make money with the Hushmail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 From owner-ietf-openpgp@mail.imc.org Thu Feb 5 17:26:58 2004 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA16424 for ; Thu, 5 Feb 2004 17:26:57 -0500 (EST) Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i15M527W055442; Thu, 5 Feb 2004 14:05:02 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i15M52pe055441; Thu, 5 Feb 2004 14:05:02 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from mail.enyo.de (mail.enyo.de [212.9.189.167]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i15M50Ah055428 for ; Thu, 5 Feb 2004 14:05:01 -0800 (PST) (envelope-from fw@deneb.enyo.de) Received: (debugging) helo=deneb.enyo.de ip=212.9.189.171 name=deneb.enyo.de Received: from deneb.enyo.de ([212.9.189.171]) by mail.enyo.de with esmtp id 1Aord2-0003bx-Bl for ietf-openpgp@imc.org; Thu, 05 Feb 2004 23:05:44 +0100 Received: from fw by deneb.enyo.de with local (Exim 4.30) id 1AorcT-00044R-9A for ietf-openpgp@imc.org; Thu, 05 Feb 2004 23:05:09 +0100 Date: Thu, 5 Feb 2004 23:05:09 +0100 To: ietf-openpgp@imc.org Subject: Re: Trust Packets Message-ID: <20040205220509.GA15608@deneb.enyo.de> References: <200402041428.i14EShf15869@cs.auckland.ac.nz> <20040205162536.GA27038@jabberwocky.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040205162536.GA27038@jabberwocky.com> User-Agent: Mutt/1.5.5.1+cvs20040105i From: Florian Weimer Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: David Shaw wrote: > > On Wed, Feb 04, 2004 at 04:48:42PM +0100, Simon Josefsson wrote: > > > What we need is a way to embed those MPEG files in OpenPGP keys. :-) > > I can just see it: a "movie" attribute. It's called "logotype" and X.509 has it. 8-) From owner-ietf-openpgp@mail.imc.org Wed Feb 11 14:55:51 2004 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA17426 for ; Wed, 11 Feb 2004 14:55:50 -0500 (EST) Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1BJYEal083593; Wed, 11 Feb 2004 11:34:14 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1BJYD7d083592; Wed, 11 Feb 2004 11:34:13 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from dogbert.ihtfp.org (me@DOGBERT.IHTFP.ORG [204.107.200.33]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1BJYCMj083586 for ; Wed, 11 Feb 2004 11:34:12 -0800 (PST) (envelope-from warlord@MIT.EDU) Received: (from warlord@localhost) by dogbert.ihtfp.org (8.12.9) id i1BJYQtk007551; Wed, 11 Feb 2004 14:34:26 -0500 To: ietf-openpgp@imc.org Subject: Meeting in Seoul: Timeslot acquired. Second call for agenda items. From: Derek Atkins Date: Wed, 11 Feb 2004 14:34:26 -0500 In-Reply-To: (Derek Atkins's message of "Fri, 30 Jan 2004 14:01:43 -0500") Message-ID: User-Agent: Gnus/5.1003 (Gnus v5.10.3) Emacs/21.1 (gnu/linux) References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: I've acquired a one-hour timeslot in Seoul: This is to confirm that OPENPGP is currently scheduled on Tuesday, March 2 at 1300-1400 Other groups scheduled at that time are: webdav, l3vpn, dnsop, nsis The current agenda has two items: 1) 2440bis status - current state (jon via derek, unless jon can make it) - list of issues (derek) 2) updating the charter/milestones (derek) If you have other items to discuss, please let me know so I can add them to the agenda. I need to submit the agenda by Feb 24th. -derek -- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant From owner-ietf-openpgp@mail.imc.org Wed Feb 11 16:12:41 2004 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA24517 for ; Wed, 11 Feb 2004 16:12:39 -0500 (EST) Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1BKs5ix088255; Wed, 11 Feb 2004 12:54:05 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1BKs5Oc088254; Wed, 11 Feb 2004 12:54:05 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from foobar.cs.jhu.edu (foobar.cs.jhu.edu [128.220.13.173]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1BKs1YV088242 for ; Wed, 11 Feb 2004 12:54:04 -0800 (PST) (envelope-from dshaw@jabberwocky.com) Received: from claude.jabberwocky.com (walrus.ne.client2.attbi.com [24.60.132.70]) by foobar.cs.jhu.edu (8.11.6/8.11.6) with ESMTP id i1BKsDS02561 for ; Wed, 11 Feb 2004 15:54:14 -0500 Received: (from dshaw@localhost) by claude.jabberwocky.com (8.11.6/8.11.6) id i1BKotJ19441 for ietf-openpgp@imc.org; Wed, 11 Feb 2004 15:50:55 -0500 Date: Wed, 11 Feb 2004 15:50:55 -0500 From: David Shaw To: ietf-openpgp@imc.org Subject: Let's resolve the end-of-line and whitespace question Message-ID: <20040211205055.GB18221@jabberwocky.com> Mail-Followup-To: ietf-openpgp@imc.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560 X-Request-PGP: http://www.jabberwocky.com/david/keys.asc X-Phase-Of-Moon: The Moon is Waxing Gibbous (95% of Full) User-Agent: Mutt/1.5.6i Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: I'm not going to be in Seoul, but one thing I think would be good to be discussed, whether on this list, in Seoul, or both, is the textmode end-of-line and whitespace issues. This is not a severe interoperability problem by any means, but is an annoyance that pops up now and again, and I think contributes in a small way to the poor interoperability reputation that OpenPGP has. As I understand it, there are actually two different problems here. I'll take them in order: 1) 2440 says of the canonical text signature (sigclass 0x01): The signature is calculated over the text data with its line endings converted to and trailing blanks removed. This is different than what every version of PGP though 8 does. These implementations do the line endings, but do not remove trailing blanks (essentially PGP 2.x behavior). 2) 2440 says of the cleartext signature: Also, any trailing whitespace (spaces, and tabs, 0x09) at the end of any line is ignored when the cleartext signature is calculated. Again, PGP through 8 implements this differently than 2440 says, where trailing spaces are removed, but trailing tabs are not (again, PGP 2.x behavior). I've seen comments that these details were inadvertent errors in 2440 that would have or should have been fixed, and requests to the WG the change these two details in 2440bis to match the historical PGP behavior (after all, PGP 5 predates 2440 and there is a huge installed base of PGP 5-8). I've also seen comments that the WG mustn't change the published standard this many years after the fact to match behavior already declared noncompliant. As for me, I don't really have strong feelings for any particular outcome of this. What I do care about is that once 2440bis is published, that it is clear what the "right" way to do things is and that there will not be questions later. I don't want it suggested that the issue wasn't looked at. Jon Callas pointed out in , that if programs would just put their particular variation on canonical text in the literal data packet accompanying the signature, then a lot of the problems just go away. This is a good point, and is, in fact, what both PGP and GnuPG do, which is one reason why #1 hasn't been a larger problem. Unfortunately, this practice does not handle canonical text detached signatures or cleartext signatures, as these have no literal data packet. On the brighter side, this practice means that changing one program's behavior to match the other would not be a major backwards compatibility problem. David From owner-ietf-openpgp@mail.imc.org Wed Feb 11 20:16:03 2004 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA16712 for ; Wed, 11 Feb 2004 20:16:02 -0500 (EST) Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1C0sMiI004928; Wed, 11 Feb 2004 16:54:22 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1C0sMKR004927; Wed, 11 Feb 2004 16:54:22 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from relay.pair.com (relay.pair.com [209.68.1.20]) by above.proper.com (8.12.11/8.12.8) with SMTP id i1C0sLoJ004921 for ; Wed, 11 Feb 2004 16:54:21 -0800 (PST) (envelope-from iang@systemics.com) Received: (qmail 92967 invoked from network); 12 Feb 2004 00:54:35 -0000 Received: from 66.152.48-244.ded.btitelecom.net (HELO systemics.com) (66.152.48.244) by relay.pair.com with SMTP; 12 Feb 2004 00:54:35 -0000 X-pair-Authenticated: 66.152.48.244 Message-ID: <402ACDDE.4050207@systemics.com> Date: Wed, 11 Feb 2004 19:50:38 -0500 From: Ian Grigg User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6b) Gecko/20040113 Thunderbird/0.4 X-Accept-Language: en-us, en MIME-Version: 1.0 To: ietf-openpgp@imc.org CC: David Shaw Subject: Re: Let's resolve the end-of-line and whitespace question References: <20040211205055.GB18221@jabberwocky.com> In-Reply-To: <20040211205055.GB18221@jabberwocky.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Content-Transfer-Encoding: 7bit David Shaw wrote: > I'm not going to be in Seoul, but one thing I think would be good to > be discussed, whether on this list, in Seoul, or both, is the textmode > end-of-line and whitespace issues. I'd agree that it needs to be tightened up. > This is not a severe interoperability problem by any means, but is an > annoyance that pops up now and again, and I think contributes in a > small way to the poor interoperability reputation that OpenPGP has. Right. For many cases, I guess this may be a nuisance. For my case, it is critical functionality, and from time to time, we've had to re-roll contracts to cope with this, and/or put in complicated heuristics into code to verify using multiple methods. (The preferred path at the moment is to change the source file such that whitespace is removed, but that's not really possible for most apps.) > 1) 2440 says of the canonical text signature (sigclass 0x01): > > The signature is calculated over the text data with its line > endings converted to and trailing blanks removed. > > This is different than what every version of PGP though 8 does. > These implementations do the line endings, but do not > remove trailing blanks (essentially PGP 2.x behavior). > > 2) 2440 says of the cleartext signature: > > Also, any trailing whitespace (spaces, and tabs, 0x09) at the > end of any line is ignored when the cleartext signature is > calculated. Two notes: a) it would be useful if the whitespace were clarified to eliminate potential Unicode white space. b) it would make some sort of sense, if any real changes were made, to unify the definition of whitespace to be the same in both. But this is minor, as one would think that we were not anticipating any functional change to 2440bis at this stage. > I've seen comments that these details were inadvertent errors in 2440 > that would have or should have been fixed, and requests to the WG the > change these two details in 2440bis to match the historical PGP > behavior (after all, PGP 5 predates 2440 and there is a huge installed > base of PGP 5-8). I've also seen comments that the WG mustn't change > the published standard this many years after the fact to match > behavior already declared noncompliant. The two implementations that I deal with both implement 2440bis as the (best available) standard. If 2440 has to be changed, then a lot of implementations would have to be as well; it's long since past that it was routine to treat the behaviour of pgp as a de facto standard. Also, anecdotally, I think gpg has a pretty significant market share these days, so we would have to quote what behaviour it follows if there was to be any change in 2440. > As for me, I don't really have strong feelings for any particular > outcome of this. What I do care about is that once 2440bis is > published, that it is clear what the "right" way to do things is and > that there will not be questions later. I don't want it suggested > that the issue wasn't looked at. I agree. > Jon Callas pointed out in > , > .... I agree with the thrust of this. Text should be sent in the interchange format, and signatures should be immediately verifiable on the data as delivered. It does mean that an implementation should send data with whitespace trimmed, though. And, that verification MAY try additional trimming if it hasn't been already trimmed by a non-conforming signer. It would be nice to get such explanation into 2440bis. iang From owner-ietf-openpgp@mail.imc.org Tue Feb 17 12:18:05 2004 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA18858 for ; Tue, 17 Feb 2004 12:18:04 -0500 (EST) Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1HH0Ulm089636; Tue, 17 Feb 2004 09:00:30 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1HH0UZf089635; Tue, 17 Feb 2004 09:00:30 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from foobar.cs.jhu.edu (foobar.cs.jhu.edu [128.220.13.173]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1HH0TBA089629 for ; Tue, 17 Feb 2004 09:00:29 -0800 (PST) (envelope-from dshaw@jabberwocky.com) Received: from claude.jabberwocky.com (walrus.ne.client2.attbi.com [24.60.132.70]) by foobar.cs.jhu.edu (8.11.6/8.11.6) with ESMTP id i1HH0OS25762 for ; Tue, 17 Feb 2004 12:00:29 -0500 Received: (from dshaw@localhost) by claude.jabberwocky.com (8.11.6/8.11.6) id i1HGuWi14675 for ietf-openpgp@imc.org; Tue, 17 Feb 2004 11:56:32 -0500 Date: Tue, 17 Feb 2004 11:56:32 -0500 From: David Shaw To: ietf-openpgp@imc.org Subject: Re: Let's resolve the end-of-line and whitespace question Message-ID: <20040217165632.GB13853@jabberwocky.com> Mail-Followup-To: ietf-openpgp@imc.org References: <20040211205055.GB18221@jabberwocky.com> <402ACDDE.4050207@systemics.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <402ACDDE.4050207@systemics.com> X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560 X-Request-PGP: http://www.jabberwocky.com/david/keys.asc X-Phase-Of-Moon: The Moon is Waning Crescent (10% of Full) User-Agent: Mutt/1.5.6i Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: On Wed, Feb 11, 2004 at 07:50:38PM -0500, Ian Grigg wrote: > >I've seen comments that these details were inadvertent errors in > >2440 that would have or should have been fixed, and requests to the > >WG the change these two details in 2440bis to match the historical > >PGP behavior (after all, PGP 5 predates 2440 and there is a huge > >installed base of PGP 5-8). I've also seen comments that the WG > >mustn't change the published standard this many years after the > >fact to match behavior already declared noncompliant. > > > The two implementations that I deal with both implement 2440bis as > the (best available) standard. If 2440 has to be changed, then a > lot of implementations would have to be as well; it's long since > past that it was routine to treat the behaviour of pgp as a de facto > standard. Also, anecdotally, I think gpg has a pretty significant > market share these days, so we would have to quote what behaviour it > follows if there was to be any change in 2440. That's all fine with me. Like I said, I don't really have strong feelings for what the outcome of this is. I just want there to be *one* outcome. David From owner-ietf-openpgp@mail.imc.org Thu Feb 19 15:00:59 2004 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA03841 for ; Thu, 19 Feb 2004 15:00:58 -0500 (EST) Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1JJSICW073786; Thu, 19 Feb 2004 11:28:18 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1JJSCJf073784; Thu, 19 Feb 2004 11:28:12 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from merrymeet.com ([63.73.97.162]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1JJSA3j073777 for ; Thu, 19 Feb 2004 11:28:11 -0800 (PST) (envelope-from jon@callas.org) Received: from bletchley.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server 3.2.3) for ; Thu, 19 Feb 2004 11:28:04 -0800 Received: from [63.73.97.180] ([63.73.97.180]) by bletchley.merrymeet.com (PGP Universal service); Thu, 19 Feb 2004 11:28:11 -0800 In-Reply-To: <402ACDDE.4050207@systemics.com> References: <20040211205055.GB18221@jabberwocky.com> <402ACDDE.4050207@systemics.com> Mime-Version: 1.0 (Apple Message framework v612) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: Content-Transfer-Encoding: 7bit Cc: ietf-openpgp@imc.org, David Shaw From: Jon Callas Subject: Re: Let's resolve the end-of-line and whitespace question Date: Thu, 19 Feb 2004 11:27:30 -0800 To: Ian Grigg X-Mailer: Apple Mail (2.612) Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Content-Transfer-Encoding: 7bit > a) it would be useful if the whitespace were > clarified to eliminate potential Unicode white > space. > > > If someone will let me know what they are, I'll put them in. Jon From owner-ietf-openpgp@mail.imc.org Fri Feb 20 10:21:28 2004 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA27708 for ; Fri, 20 Feb 2004 10:21:28 -0500 (EST) Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1KEhLOX006221; Fri, 20 Feb 2004 06:43:21 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1KEhLIT006220; Fri, 20 Feb 2004 06:43:21 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from relay.pair.com (relay.pair.com [209.68.1.20]) by above.proper.com (8.12.11/8.12.8) with SMTP id i1KEhK7b006214 for ; Fri, 20 Feb 2004 06:43:20 -0800 (PST) (envelope-from iang@systemics.com) Received: (qmail 36031 invoked from network); 20 Feb 2004 14:43:21 -0000 Received: from softdnserror (HELO systemics.com) (216.26.241.29) by relay.pair.com with SMTP; 20 Feb 2004 14:43:21 -0000 X-pair-Authenticated: 216.26.241.29 Message-ID: <40361C22.1080102@systemics.com> Date: Fri, 20 Feb 2004 09:39:30 -0500 From: Ian Grigg User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6b) Gecko/20040113 Thunderbird/0.4 X-Accept-Language: en-us, en MIME-Version: 1.0 To: ietf-openpgp@imc.org Subject: Archive - missing messages Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Content-Transfer-Encoding: 7bit > The archive seems to have lost messages. The above is one example, here is another example: http://www.imc.org/ietf-openpgp/mail-archive/msg07728.html Which I found via google's cache: http://216.239.37.104/search?q=cache:quo_BiiFchkJ:www.imc.org/ietf-openpgp/mail-archive/msg07728.html+whitespace+UTF-8+Grigg+&hl=en&ie=UTF-8 Anyone have any clue as to what is happening? Is this a permanent loss or a glitch or what? iang From owner-ietf-openpgp@mail.imc.org Fri Feb 20 10:40:50 2004 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA28996 for ; Fri, 20 Feb 2004 10:40:50 -0500 (EST) Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1KFK6V8008542; Fri, 20 Feb 2004 07:20:06 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1KFK6Xg008541; Fri, 20 Feb 2004 07:20:06 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from relay.pair.com (relay.pair.com [209.68.1.20]) by above.proper.com (8.12.11/8.12.8) with SMTP id i1KFK55F008535 for ; Fri, 20 Feb 2004 07:20:05 -0800 (PST) (envelope-from iang@systemics.com) Received: (qmail 57396 invoked from network); 20 Feb 2004 15:20:05 -0000 Received: from softdnserror (HELO systemics.com) (216.26.241.29) by relay.pair.com with SMTP; 20 Feb 2004 15:20:05 -0000 X-pair-Authenticated: 216.26.241.29 Message-ID: <403624B7.8010007@systemics.com> Date: Fri, 20 Feb 2004 10:16:07 -0500 From: Ian Grigg User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6b) Gecko/20040113 Thunderbird/0.4 X-Accept-Language: en-us, en MIME-Version: 1.0 To: ietf-openpgp@imc.org CC: Jon Callas , Ian Grigg , David Shaw Subject: Re: Let's resolve the end-of-line and whitespace question References: <20040211205055.GB18221@jabberwocky.com> <402ACDDE.4050207@systemics.com> In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Content-Transfer-Encoding: 7bit Jon Callas wrote: >> a) it would be useful if the whitespace were >> clarified to eliminate potential Unicode white >> space. >> >> >> > > If someone will let me know what they are, I'll put them in. The above thread seems to have been renumbered to be this one: http://www.imc.org/ietf-openpgp/mail-archive/msg04791.html http://www.imc.org/ietf-openpgp/mail-archive/msg04793.html Here's a summary: UTF-8 character sets can include whitespace in seemingly arbitrary fashions. As the UTF-8 space is very large, it seems unreasonable for the OpenPGP WG to attempt to track what is whitespace from a complete, UTF-8, point of view. However, whitespace is declared as being stripped, and the implication in the rfc2440 document is that this is declared to be common us-ascii formats, explicitly. So a way through this may be to say, in the context of cleartext signatures: a) us-ascii whitespace is always stripped from the end of lines in signature calculation, both in signing and verification. b) UTF-8 whitespace may be stripped from the end of lines in signing, but in this case, the document should be transmitted in its clean interchange form, with these characters cleaned from the end of lines, so that the recipient can calculate (verify) correctly. Ref: Jon Callas, http://www.imc.org/ietf-openpgp/mail-archive/msg03753.html which would merit being included as a policy within the rfc2440 (that is, cleartext sig preparation should change documents into the interchange format, and thus strip whitespace proactively). c) us-ascii whitespace is defined to be, for the purposes of RFC2440 cleartext signature calculations, a) above, to be: 1. space (0x20), tab (0x09), nl (0x0a), cr (0x0d) ... 2. everything <= 0x20, or 3. or... (pick one) - the essence being here that the document does not define which it is. Assuming this is acceptable to the WG, the above messages include some example suggested text (now 04791, 04793; which google previously recorded as 07728, 07718). Alternatively, if the WG has decided to define UTF-8 whitespace and strip it from cleartext, is that something that happened in Seoul? Are there notes on this? iang From owner-ietf-openpgp@mail.imc.org Fri Feb 20 11:21:43 2004 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA00485 for ; Fri, 20 Feb 2004 11:21:41 -0500 (EST) Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1KG0Gfa010961; Fri, 20 Feb 2004 08:00:16 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1KG0GU5010960; Fri, 20 Feb 2004 08:00:16 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from zbasel.fortytwo.ch (zbasel.fortytwo.ch [212.254.206.135]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1KG0F0c010952 for ; Fri, 20 Feb 2004 08:00:15 -0800 (PST) (envelope-from avbidder@fortytwo.ch) Received: from onaras.ch (zux174-013.adsl.green.ch [80.254.174.13]) by zbasel.fortytwo.ch (Postfix) with ESMTP id B2506840 for ; Fri, 20 Feb 2004 17:00:14 +0100 (CET) From: Adrian von Bidder To: ietf-openpgp@imc.org Subject: Re: Let's resolve the end-of-line and whitespace question Date: Fri, 20 Feb 2004 17:00:07 +0100 User-Agent: KMail/1.6 References: <403624B7.8010007@systemics.com> In-Reply-To: <403624B7.8010007@systemics.com> MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Boundary-02=_M8iNANtGf/a2RrR"; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200402201700.12759@fortytwo.ch> Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: --Boundary-02=_M8iNANtGf/a2RrR Content-Type: text/plain; charset="iso-8859-1" Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Friday 20 February 2004 16.16, Ian Grigg wrote: > b) UTF-8 whitespace may be stripped from the > end of lines in signing, but in this case, the > document should be transmitted in its clean > interchange form, with these characters > cleaned from the end of lines, so that the > recipient can calculate (verify) correctly. s/transmitted/signed/ perhaps? Perhaps just state that the behaviour of OpenPGP implementations wrt non-as= cii=20 whitespace at EOL is undefined, thus signing such texts should be avoided (= by=20 removing/encoding such ws)? cheers =2D- vbi =2D-=20 Dogs just don't seem to be able to tell the difference between important=20 people and the rest of us. --Boundary-02=_M8iNANtGf/a2RrR Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iKcEABECAGcFAkA2LwxgGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjUmbWQ1c3VtPTVkZmY4NjhkMTE4NDMyNzYw NzFiMjVlYjcwMDZkYTNlAAoJECqqZti935l6gg8AnjKUskRyUCZwqx115BOup+CB DmImAKCglWtAidkJVHqzDUygS5niDsQwOw== =9iLa -----END PGP SIGNATURE----- --Boundary-02=_M8iNANtGf/a2RrR-- From owner-ietf-openpgp@mail.imc.org Fri Feb 20 11:59:47 2004 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA01773 for ; Fri, 20 Feb 2004 11:59:46 -0500 (EST) Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1KGJJem012367; Fri, 20 Feb 2004 08:19:19 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1KGJJH5012365; Fri, 20 Feb 2004 08:19:19 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from smtp3.hushmail.com (smtp3.hushmail.com [65.39.178.135]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1KGJIjq012358 for ; Fri, 20 Feb 2004 08:19:18 -0800 (PST) (envelope-from vedaal@hush.com) Received: from mailserver2.hushmail.com (mailserver2.hushmail.com [65.39.178.21]) by smtp3.hushmail.com (Postfix) with ESMTP id 1B8DE10E77E for ; Fri, 20 Feb 2004 08:19:20 -0800 (PST) Received: from mailserver2.hushmail.com (localhost.hushmail.com [127.0.0.1]) by mailserver2.hushmail.com (8.12.6/8.12.3) with ESMTP id i1KGJKKs024011 for ; Fri, 20 Feb 2004 08:19:20 -0800 (PST) (envelope-from vedaal@hush.com) Received: (from nobody@localhost) by mailserver2.hushmail.com (8.12.6/8.12.3/Submit) id i1KGJKqT024010 for ietf-openpgp@imc.org; Fri, 20 Feb 2004 08:19:20 -0800 (PST) Message-Id: <200402201619.i1KGJKqT024010@mailserver2.hushmail.com> Date: Fri, 20 Feb 2004 08:19:20 -0800 To: ietf-openpgp@imc.org Subject: Re: Let's resolve the end-of-line and whitespace question From: Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: >So a way through this may be to say, in the >context of cleartext signatures: > > a) us-ascii whitespace is always stripped from > the end of lines in signature calculation, > both in signing and verification. > > b) UTF-8 whitespace may be stripped from the > end of lines in signing, but in this case, the > document should be transmitted in its clean > interchange form, with these characters > cleaned from the end of lines, so that the > recipient can calculate (verify) correctly. as this is an area of potential confusion that may appear to render a clearsigned message signature 'bad' , then would it be advisable/feasible to add a packet to clearsigned messages, that would include the whitespace parameters used by the implemenatation, as well as the total number of lines, columns,and 'empty' whitespace lines of the final clearsigned text (counting from the header of the message, to the header of the signature) this would allow for a simple reconstruction of the message, back into proper verifiable form, no matter how mangled it might be by various e-mail client and re-mailers, vedaal Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Promote security and make money with the Hushmail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 From owner-ietf-openpgp@mail.imc.org Fri Feb 20 18:22:01 2004 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA21774 for ; Fri, 20 Feb 2004 18:22:00 -0500 (EST) Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1KMxPlI035010; Fri, 20 Feb 2004 14:59:25 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1KMxP3S035009; Fri, 20 Feb 2004 14:59:25 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from merrymeet.com ([63.73.97.162]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1KMxOlE035003 for ; Fri, 20 Feb 2004 14:59:24 -0800 (PST) (envelope-from jon@callas.org) Received: from bletchley.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server 3.2.3) for ; Fri, 20 Feb 2004 14:59:25 -0800 Received: from [192.168.2.235] ([63.251.255.25]) by bletchley.merrymeet.com (PGP Universal service); Fri, 20 Feb 2004 14:59:28 -0800 In-Reply-To: <403624B7.8010007@systemics.com> References: <20040211205055.GB18221@jabberwocky.com> <402ACDDE.4050207@systemics.com> <403624B7.8010007@systemics.com> Mime-Version: 1.0 (Apple Message framework v612) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: <5EE6E39A-63F8-11D8-9A2E-000A9568596C@callas.org> Content-Transfer-Encoding: 7bit Cc: ietf-openpgp@imc.org, David Shaw From: Jon Callas Subject: Re: Let's resolve the end-of-line and whitespace question Date: Fri, 20 Feb 2004 14:59:00 -0800 To: Ian Grigg X-Mailer: Apple Mail (2.612) Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Content-Transfer-Encoding: 7bit > Alternatively, if the WG has decided to define > UTF-8 whitespace and strip it from cleartext, is > that something that happened in Seoul? Are there > notes on this? > Seoul hasn't happened yet. It happens in a couple of weeks. I'm not going to be there, so we'll all need an update of what gets discussed there. Before then, however, I have a proposal: How about if we remove any whitespace things, and just canonicalize line ends? It sounds like Unicode whitespace may be a huge can of worms. Alternatively, we could just say trim anything that's <= 0x20, which is a simple enough thing that solves some obvious attacks with backspacing and bare CRs to overstrike. Jon From owner-ietf-openpgp@mail.imc.org Fri Feb 20 18:23:47 2004 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA21997 for ; Fri, 20 Feb 2004 18:23:47 -0500 (EST) Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1KMsndG034455; Fri, 20 Feb 2004 14:54:49 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1KMsnvi034453; Fri, 20 Feb 2004 14:54:49 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from merrymeet.com ([63.73.97.162]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1KMsl35034446 for ; Fri, 20 Feb 2004 14:54:48 -0800 (PST) (envelope-from jon@callas.org) Received: from bletchley.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server 3.2.3) for ; Fri, 20 Feb 2004 14:54:47 -0800 Received: from [192.168.2.235] ([63.251.255.25]) by bletchley.merrymeet.com (PGP Universal service); Fri, 20 Feb 2004 14:54:49 -0800 In-Reply-To: <20040211205055.GB18221@jabberwocky.com> References: <20040211205055.GB18221@jabberwocky.com> Mime-Version: 1.0 (Apple Message framework v612) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: Content-Transfer-Encoding: 7bit Cc: ietf-openpgp@imc.org From: Jon Callas Subject: Re: Let's resolve the end-of-line and whitespace question Date: Fri, 20 Feb 2004 14:54:49 -0800 To: David Shaw X-Mailer: Apple Mail (2.612) Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Content-Transfer-Encoding: 7bit > 1) 2440 says of the canonical text signature (sigclass 0x01): > > The signature is calculated over the text data with its line > endings converted to and trailing blanks removed. > > This is different than what every version of PGP though 8 does. > These implementations do the line endings, but do not > remove trailing blanks (essentially PGP 2.x behavior). > I'm happy to consider this a bug, myself, if consensus says that's what the behavior should be. This is probably a case where there's code in there that was written by either Derek or Peter Gutmann and no one's changed it since then. :-) > 2) 2440 says of the cleartext signature: > > Also, any trailing whitespace (spaces, and tabs, 0x09) at the > end of any line is ignored when the cleartext signature is > calculated. > > Again, PGP through 8 implements this differently than 2440 says, > where trailing spaces are removed, but trailing tabs are not > (again, PGP 2.x behavior). > > I've seen comments that these details were inadvertent errors in 2440 > that would have or should have been fixed, and requests to the WG the > change these two details in 2440bis to match the historical PGP > behavior (after all, PGP 5 predates 2440 and there is a huge installed > base of PGP 5-8). I've also seen comments that the WG mustn't change > the published standard this many years after the fact to match > behavior already declared noncompliant. No, this is not an inadvertent error. It was an intentional change. PGP 5 did predate 2440 and there are a number of small changes between its behavior and what's in 2440. Moreover, this version is now seven years old and has not been supported in so long that I can't even remember how long it has been unsupported. It is not 2440-compliant, can't be because it predated 2440, is not supported by its producer, and really isn't germane to any discussion of 2440. Please stop bringing it up. It's dead. Thank you, I feel much better now. The 2440 change in text signatures (adding in whitespace trimming) was one of a number of small things there that were debated as to what the right thing should be, rather than what went before. There are many good reasons for removing trailing whitespace at the end of anything that's text mode. It's the sort of thing that gets mangled easily and undetectably, as well as a covert channel. (I come from an era in which is was common practice for text editors to trim trailing whitespace when saving a file, and consider it a feature rather than a bug.) However, I'd be perfectly happy to settle it once and for all by saying only normalize line ends, even. We can just not worry about the whitespace. In short, if the consensus here is that however well-meaning that change was, it was a bad idea, it's easy to fix. I can see that Unicode issues might turn this into a swamp in ways that just trimming spaces and tabs isn't. > Jon Callas pointed out in... I'll repeat a broader opinion I have on this. I think that text mode should be an assurance that the signed data is in a particular format, so that it can be handled accurately, not a commentary on how to canonicalize. The reasons I think this is a good idea are that it be an assurance include: * If it's just an assurance, then you verify a signature the same way for text mode and binary mode. This is better for the code in a lot of ways. * If it's just an assurance, and the assurance is wrong (because of bugs or incompatibilities), then you end up with a good signature over data that isn't exactly in the format you wanted. This is a much better failure mode than getting good data, but not knowing how to verify the data. It's a fail-soft situation. Jon From owner-ietf-openpgp@mail.imc.org Fri Feb 20 21:28:08 2004 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA28703 for ; Fri, 20 Feb 2004 21:28:07 -0500 (EST) Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1L28cKR044528; Fri, 20 Feb 2004 18:08:38 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1L28cMp044526; Fri, 20 Feb 2004 18:08:38 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from relay.pair.com (relay.pair.com [209.68.1.20]) by above.proper.com (8.12.11/8.12.8) with SMTP id i1L28aIS044505 for ; Fri, 20 Feb 2004 18:08:37 -0800 (PST) (envelope-from iang@systemics.com) Received: (qmail 4833 invoked from network); 21 Feb 2004 02:08:41 -0000 Received: from 66.152.48-163.ded.btitelecom.net (HELO systemics.com) (66.152.48.163) by relay.pair.com with SMTP; 21 Feb 2004 02:08:41 -0000 X-pair-Authenticated: 66.152.48.163 Message-ID: <4036BCC1.8090607@systemics.com> Date: Fri, 20 Feb 2004 21:04:49 -0500 From: Ian Grigg User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6b) Gecko/20040113 Thunderbird/0.4 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Jon Callas CC: ietf-openpgp@imc.org, David Shaw Subject: Re: Let's resolve the end-of-line and whitespace question References: <20040211205055.GB18221@jabberwocky.com> <402ACDDE.4050207@systemics.com> <403624B7.8010007@systemics.com> <5EE6E39A-63F8-11D8-9A2E-000A9568596C@callas.org> In-Reply-To: <5EE6E39A-63F8-11D8-9A2E-000A9568596C@callas.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Content-Transfer-Encoding: 7bit Jon Callas wrote: > ... It sounds like Unicode whitespace may be a huge can of worms. From the little research I did, I couldn't find any help in "defining Unicode whitespace," so, yes, I agree it will be a huge can of worms. (Unicode in any context is a mess, but it seems clear that we need something, so UTF-8 it is.) > Alternatively, we could just say trim anything that's <= 0x20, which is > a simple enough thing that solves some obvious attacks with backspacing > and bare CRs to overstrike. Good point, that would get my vote. I'd prefer the "chars <= 0x20" test as it is very clear, easy to code, and it resolves what one does when some spurious unprintable char we haven't thought about comes into play. I hadn't thought about backspaces... (other mail:) > The 2440 change in text signatures (adding in whitespace trimming) was > one of a number of small things there that were debated as to what the > right thing should be, rather than what went before. There are many good > reasons for removing trailing whitespace at the end of anything that's > text mode. It's the sort of thing that gets mangled easily and > undetectably, as well as a covert channel. (I come from an era in which > is was common practice for text editors to trim trailing whitespace when > saving a file, and consider it a feature rather than a bug.) It may be that the era is not dead. There are a number of scenarios that either add or change whitespace on the ends of lines; cut&paste does it in circumstances which are too boring to research. > However, I'd be perfectly happy to settle it once and for all by saying > only normalize line ends, even. We can just not worry about the > whitespace. In short, if the consensus here is that however well-meaning > that change was, it was a bad idea, it's easy to fix. I can see that > Unicode issues might turn this into a swamp in ways that just trimming > spaces and tabs isn't. My vote would be to trim whitespace and normalise line endines to CR/NL, where whitespace is <=0x20: Also, any trailing whitespace (characters <= 0x20) at the end of any line is ignored when the cleartext signature is calculated. I think there should be a comment in there that indicates what to do with Unicode, just to show we thought about it, and not waste people's time asking the question when they are implementing. Something like: Unicode whitespace, where defined, SHOULD NOT be ignored. Or, No Unicode whitespace characters are defined. Leaving open the possibility of defining them in an update? iang From owner-ietf-openpgp@mail.imc.org Fri Feb 20 23:21:06 2004 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA02281 for ; Fri, 20 Feb 2004 23:21:06 -0500 (EST) Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1L3amXv049185; Fri, 20 Feb 2004 19:36:48 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1L3amdg049184; Fri, 20 Feb 2004 19:36:48 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from finney.org (IDENT:root@226-132.adsl2.netlojix.net [207.71.226.132]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1L3akPB049178 for ; Fri, 20 Feb 2004 19:36:46 -0800 (PST) (envelope-from hal@finney.org) Received: (from hal@localhost) by finney.org (8.11.6/8.11.6) id i1L3aWk32474 for ietf-openpgp@imc.org; Fri, 20 Feb 2004 19:36:32 -0800 Date: Fri, 20 Feb 2004 19:36:32 -0800 From: "Hal Finney" Message-Id: <200402210336.i1L3aWk32474@finney.org> To: ietf-openpgp@imc.org Subject: Re: Let's resolve the end-of-line and whitespace question Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Poking around at www.unicode.org, I found this character names list: http://www.unicode.org/Public/UNIDATA/NamesList.txt Grepping for "space", and cross-checking against the code charts at http://www.unicode.org/charts/, produces the following list of Unicode whitespace characters: 0020 SPACE 00A0 NO-BREAK SPACE 2002 - 200B (various widths of spaces) 202F NARROW NO-BREAK SPACE 205F MEDIUM MATHEMATICAL SPACE 2060 WORD JOINER 3000 IDEOGRAPHIC SPACE FEFF ZERO WIDTH NO-BREAK SPACE You'll notice that tab is not present, nor are carriage return, line feed, form feed, etc. These are considered "control" characters. Now, of these space characters, NO-BREAK SPACE should not occur at the end of a line, because that is what a no-break space means, a space between two words where no line break should occur. Neither should NARROW NO-BREAK SPACE, WORD JOINER (which is a no-break space), or ZERO WIDTH NO-BREAK SPACE. Therefore I think all of these should be hashed even if they do occur at the end of a line. The 2002-200B variable-width spaces include "N" space, "M" space, "thin" space, "hair" space, etc. These are presumably used for typographic purposes to precisely specify the layout. If they are at the end of a line, I think we can assume they are there for a purpose and should be hashed. Likewise with MEDIUM MATHEMATICAL SPACE, which is four-eighteenths of an M space. The only one left is IDEOGRAPHIC SPACE, which I suspect is the default space character in ideographic languages (although it's possible they use ordinary SPACE). I could imagine it being put at the end of a line by accident, by a Chinese typist or poorly designed word processing program, so I'd suggest that it should be stripped before hashing. This is the only one I would suggest adding, along with SPACE. As far as control characters, there are many of them, but most of them either should not be present in text documents or if they are, they are significant and should be hashed. However, in addition to whitespace we also need to think about line terminators, because that's where we want to strip whitespace. What character is used in vertically laid out languages to mean "go to the next column"? Is it one of carriage return or line feed? Or something else? Hal Finney From owner-ietf-openpgp@mail.imc.org Tue Feb 24 11:38:52 2004 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA28627 for ; Tue, 24 Feb 2004 11:38:51 -0500 (EST) Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1OFsqd4054341; Tue, 24 Feb 2004 07:54:52 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1OFsqKU054340; Tue, 24 Feb 2004 07:54:52 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from dogbert.ihtfp.org (me@DOGBERT.IHTFP.ORG [204.107.200.33]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1OFso4o054332 for ; Tue, 24 Feb 2004 07:54:51 -0800 (PST) (envelope-from warlord@MIT.EDU) Received: (from warlord@localhost) by dogbert.ihtfp.org (8.12.9) id i1OFsohF005669; Tue, 24 Feb 2004 10:54:50 -0500 To: agenda@ietf.org Cc: ietf-openpgp@imc.org Subject: Agenda for OpenPGP Working Group From: Derek Atkins Date: Tue, 24 Feb 2004 10:54:50 -0500 Message-ID: User-Agent: Gnus/5.1003 (Gnus v5.10.3) Emacs/21.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: OpenPGP Working Group Agenda Tuesday, March 2, 2004 1300-1400, Sapphire 4 * Introductions Appoint a Secretary Stuckee Call for Agenda Changes * draft-ietf-openpgp-rfc2440bis Document Status Open Issues * rechartering Updated Milestones -- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant From owner-ietf-openpgp@mail.imc.org Wed Feb 25 01:11:42 2004 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA29739 for ; Wed, 25 Feb 2004 01:11:41 -0500 (EST) Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1P5oJN5000203; Tue, 24 Feb 2004 21:50:19 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1P5oJbU000202; Tue, 24 Feb 2004 21:50:19 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from omgo.iij.ad.jp (omgo.iij.ad.jp [202.232.30.157]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1P5oHL0000193 for ; Tue, 24 Feb 2004 21:50:18 -0800 (PST) (envelope-from kazu@iijlab.net) Received: OMGO id i1P5nxPL006717; Wed, 25 Feb 2004 14:49:59 +0900 (JST) Received: OTM-MIX0 id i1P5nwjr014650; Wed, 25 Feb 2004 14:49:58 +0900 (JST) Received: JC-SMTP from localhost (jc-ssh.iij.ad.jp [192.168.174.22]) id i1P5nu2n016141; Wed, 25 Feb 2004 14:49:57 +0900 (JST) Date: Wed, 25 Feb 2004 14:48:00 +0900 (JST) Message-Id: <20040225.144800.243252408.kazu@iijlab.net> To: derek@ihtfp.com Cc: agenda@ietf.org, ietf-openpgp@imc.org Subject: Re: Agenda for OpenPGP Working Group From: Kazu Yamamoto (=?iso-2022-jp?B?GyRCOzNLXE9CSScbKEI=?=) In-Reply-To: References: X-Mailer: Mew version 4.0.64 on Emacs 21.3.50 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Multipart/Mixed; boundary="--Next_Part(Wed_Feb_25_14_48_01_2004_783)--" Content-Transfer-Encoding: 7bit Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: ----Next_Part(Wed_Feb_25_14_48_01_2004_783)-- Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hello Derek, > * draft-ietf-openpgp-rfc2440bis > Document Status > Open Issues I will not be there. But would you consider my comments below? The situation is the same for rfc2440bis-09. --Kazu ----Next_Part(Wed_Feb_25_14_48_01_2004_783)-- Content-Type: Message/Rfc822 Content-Disposition: inline Date: Thu, 27 Jun 2002 19:25:57 +0900 (JST) Message-Id: <20020627.192557.125129914.kazu@iijlab.net> To: ietf-openpgp@imc.org Cc: stefan@epy.co.at Subject: Secret Key Packet Formats From: Kazu Yamamoto (=?iso-2022-jp?B?GyRCOzNLXE9CSScbKEI=?=) X-Mailer: Mew version 3.0.55 on Emacs 20.7 / Mule 4.0 (HANANOEN) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hello all, I have several comments on Section 5.5.3 (Secret Key Packet Formats) of 2440bis-05. > - [Optional] If secret data is encrypted, Initial Vector (IV) of > the same length as the cipher's block size. The following might be more easy to understand. - [Optional] If secret data is encrypted(string-to-key usage octet was not 0), Initial Vector (IV) of the same length as the cipher's block size. > - Encrypted multi-precision integers comprising the secret key > data. These algorithm-specific fields are as described below. If string-to-key usage octet was 0, this field is not encrypted. So, this should be: - Plain or encrypted multi-precision integers comprising the secret key data. These algorithm-specific fields are as described below. > - If the string-to-key usage octet was 255, then a two-octet > checksum of the plaintext of the algorithm-specific portion (sum > of all octets, mod 65536). If the string-to-key usage octet was > 254, then a 20-octet SHA-1 hash of the plaintext of the > algorithm-specific portion. This checksum or hash is encrypted > together with the algorithm-specific fields. This does not corver the other values than 254 and 255. According to RFC 2440, a two-octet checksum is necessary for the other values. > The 16-bit checksum that follows the algorithm-specific portion is > the algebraic sum, mod 65536, of the plaintext of all the > algorithm-specific octets (including MPI prefix and data). With V3 > keys, the checksum is stored in the clear. With V4 keys, the > checksum is encrypted like the algorithm-specific data. This value > is used to check that the passphrase was correct. However, this > checksum is deprecated; an implementation SHOULD NOT use it, but > should rather use the SHA-1 hash denoted with a usage octet of 254. > The reason for this is that there are some attacks on the private > key that can undetectably modify the secret key. Using a SHA-1 hash > prevents this. "16-bit checksum" should be "two-octet checksum". This paragraph should cover V2. Actually, old PGP commands produce Secret Key Packet with V2. Combination of string-to-key usage octet and format version is unclear. 2440bis-05 is read like: V3 V4 0 254 encrypted sha1 hash encrypted sha1 hash 255 clear checksum encrypted checksum others But I think this matrix should be: V2/V3 V4 0 clear checksum clear checksum 254 clear checksum encrypted sha1 hash 255 clear checksum encrypted checksum others clear checksum encrypted checksum If this is correct, I hope improvement of this section will be made in the next draft. Thanks. --Kazu ----Next_Part(Wed_Feb_25_14_48_01_2004_783)---- Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1P5oJN5000203; Tue, 24 Feb 2004 21:50:19 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1P5oJbU000202; Tue, 24 Feb 2004 21:50:19 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from omgo.iij.ad.jp (omgo.iij.ad.jp [202.232.30.157]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1P5oHL0000193 for ; Tue, 24 Feb 2004 21:50:18 -0800 (PST) (envelope-from kazu@iijlab.net) Received: OMGO id i1P5nxPL006717; Wed, 25 Feb 2004 14:49:59 +0900 (JST) Received: OTM-MIX0 id i1P5nwjr014650; Wed, 25 Feb 2004 14:49:58 +0900 (JST) Received: JC-SMTP from localhost (jc-ssh.iij.ad.jp [192.168.174.22]) id i1P5nu2n016141; Wed, 25 Feb 2004 14:49:57 +0900 (JST) Date: Wed, 25 Feb 2004 14:48:00 +0900 (JST) Message-Id: <20040225.144800.243252408.kazu@iijlab.net> To: derek@ihtfp.com Cc: agenda@ietf.org, ietf-openpgp@imc.org Subject: Re: Agenda for OpenPGP Working Group From: Kazu Yamamoto (=?iso-2022-jp?B?GyRCOzNLXE9CSScbKEI=?=) In-Reply-To: References: X-Mailer: Mew version 4.0.64 on Emacs 21.3.50 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Multipart/Mixed; boundary="--Next_Part(Wed_Feb_25_14_48_01_2004_783)--" Content-Transfer-Encoding: 7bit Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: ----Next_Part(Wed_Feb_25_14_48_01_2004_783)-- Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hello Derek, > * draft-ietf-openpgp-rfc2440bis > Document Status > Open Issues I will not be there. But would you consider my comments below? The situation is the same for rfc2440bis-09. --Kazu ----Next_Part(Wed_Feb_25_14_48_01_2004_783)-- Content-Type: Message/Rfc822 Content-Transfer-Encoding: 7bit Content-Disposition: inline Date: Thu, 27 Jun 2002 19:25:57 +0900 (JST) Message-Id: <20020627.192557.125129914.kazu@iijlab.net> To: ietf-openpgp@imc.org Cc: stefan@epy.co.at Subject: Secret Key Packet Formats From: Kazu Yamamoto (=?iso-2022-jp?B?GyRCOzNLXE9CSScbKEI=?=) X-Mailer: Mew version 3.0.55 on Emacs 20.7 / Mule 4.0 (HANANOEN) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hello all, I have several comments on Section 5.5.3 (Secret Key Packet Formats) of 2440bis-05. > - [Optional] If secret data is encrypted, Initial Vector (IV) of > the same length as the cipher's block size. The following might be more easy to understand. - [Optional] If secret data is encrypted(string-to-key usage octet was not 0), Initial Vector (IV) of the same length as the cipher's block size. > - Encrypted multi-precision integers comprising the secret key > data. These algorithm-specific fields are as described below. If string-to-key usage octet was 0, this field is not encrypted. So, this should be: - Plain or encrypted multi-precision integers comprising the secret key data. These algorithm-specific fields are as described below. > - If the string-to-key usage octet was 255, then a two-octet > checksum of the plaintext of the algorithm-specific portion (sum > of all octets, mod 65536). If the string-to-key usage octet was > 254, then a 20-octet SHA-1 hash of the plaintext of the > algorithm-specific portion. This checksum or hash is encrypted > together with the algorithm-specific fields. This does not corver the other values than 254 and 255. According to RFC 2440, a two-octet checksum is necessary for the other values. > The 16-bit checksum that follows the algorithm-specific portion is > the algebraic sum, mod 65536, of the plaintext of all the > algorithm-specific octets (including MPI prefix and data). With V3 > keys, the checksum is stored in the clear. With V4 keys, the > checksum is encrypted like the algorithm-specific data. This value > is used to check that the passphrase was correct. However, this > checksum is deprecated; an implementation SHOULD NOT use it, but > should rather use the SHA-1 hash denoted with a usage octet of 254. > The reason for this is that there are some attacks on the private > key that can undetectably modify the secret key. Using a SHA-1 hash > prevents this. "16-bit checksum" should be "two-octet checksum". This paragraph should cover V2. Actually, old PGP commands produce Secret Key Packet with V2. Combination of string-to-key usage octet and format version is unclear. 2440bis-05 is read like: V3 V4 0 254 encrypted sha1 hash encrypted sha1 hash 255 clear checksum encrypted checksum others But I think this matrix should be: V2/V3 V4 0 clear checksum clear checksum 254 clear checksum encrypted sha1 hash 255 clear checksum encrypted checksum others clear checksum encrypted checksum If this is correct, I hope improvement of this section will be made in the next draft. Thanks. --Kazu ----Next_Part(Wed_Feb_25_14_48_01_2004_783)---- Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1OFsqd4054341; Tue, 24 Feb 2004 07:54:52 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1OFsqKU054340; Tue, 24 Feb 2004 07:54:52 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from dogbert.ihtfp.org (me@DOGBERT.IHTFP.ORG [204.107.200.33]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1OFso4o054332 for ; Tue, 24 Feb 2004 07:54:51 -0800 (PST) (envelope-from warlord@MIT.EDU) Received: (from warlord@localhost) by dogbert.ihtfp.org (8.12.9) id i1OFsohF005669; Tue, 24 Feb 2004 10:54:50 -0500 To: agenda@ietf.org Cc: ietf-openpgp@imc.org Subject: Agenda for OpenPGP Working Group From: Derek Atkins Date: Tue, 24 Feb 2004 10:54:50 -0500 Message-ID: User-Agent: Gnus/5.1003 (Gnus v5.10.3) Emacs/21.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: OpenPGP Working Group Agenda Tuesday, March 2, 2004 1300-1400, Sapphire 4 * Introductions Appoint a Secretary Stuckee Call for Agenda Changes * draft-ietf-openpgp-rfc2440bis Document Status Open Issues * rechartering Updated Milestones -- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1L3amXv049185; Fri, 20 Feb 2004 19:36:48 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1L3amdg049184; Fri, 20 Feb 2004 19:36:48 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from finney.org (IDENT:root@226-132.adsl2.netlojix.net [207.71.226.132]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1L3akPB049178 for ; Fri, 20 Feb 2004 19:36:46 -0800 (PST) (envelope-from hal@finney.org) Received: (from hal@localhost) by finney.org (8.11.6/8.11.6) id i1L3aWk32474 for ietf-openpgp@imc.org; Fri, 20 Feb 2004 19:36:32 -0800 Date: Fri, 20 Feb 2004 19:36:32 -0800 From: "Hal Finney" Message-Id: <200402210336.i1L3aWk32474@finney.org> To: ietf-openpgp@imc.org Subject: Re: Let's resolve the end-of-line and whitespace question Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Poking around at www.unicode.org, I found this character names list: http://www.unicode.org/Public/UNIDATA/NamesList.txt Grepping for "space", and cross-checking against the code charts at http://www.unicode.org/charts/, produces the following list of Unicode whitespace characters: 0020 SPACE 00A0 NO-BREAK SPACE 2002 - 200B (various widths of spaces) 202F NARROW NO-BREAK SPACE 205F MEDIUM MATHEMATICAL SPACE 2060 WORD JOINER 3000 IDEOGRAPHIC SPACE FEFF ZERO WIDTH NO-BREAK SPACE You'll notice that tab is not present, nor are carriage return, line feed, form feed, etc. These are considered "control" characters. Now, of these space characters, NO-BREAK SPACE should not occur at the end of a line, because that is what a no-break space means, a space between two words where no line break should occur. Neither should NARROW NO-BREAK SPACE, WORD JOINER (which is a no-break space), or ZERO WIDTH NO-BREAK SPACE. Therefore I think all of these should be hashed even if they do occur at the end of a line. The 2002-200B variable-width spaces include "N" space, "M" space, "thin" space, "hair" space, etc. These are presumably used for typographic purposes to precisely specify the layout. If they are at the end of a line, I think we can assume they are there for a purpose and should be hashed. Likewise with MEDIUM MATHEMATICAL SPACE, which is four-eighteenths of an M space. The only one left is IDEOGRAPHIC SPACE, which I suspect is the default space character in ideographic languages (although it's possible they use ordinary SPACE). I could imagine it being put at the end of a line by accident, by a Chinese typist or poorly designed word processing program, so I'd suggest that it should be stripped before hashing. This is the only one I would suggest adding, along with SPACE. As far as control characters, there are many of them, but most of them either should not be present in text documents or if they are, they are significant and should be hashed. However, in addition to whitespace we also need to think about line terminators, because that's where we want to strip whitespace. What character is used in vertically laid out languages to mean "go to the next column"? Is it one of carriage return or line feed? Or something else? Hal Finney Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1L28cKR044528; Fri, 20 Feb 2004 18:08:38 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1L28cMp044526; Fri, 20 Feb 2004 18:08:38 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from relay.pair.com (relay.pair.com [209.68.1.20]) by above.proper.com (8.12.11/8.12.8) with SMTP id i1L28aIS044505 for ; Fri, 20 Feb 2004 18:08:37 -0800 (PST) (envelope-from iang@systemics.com) Received: (qmail 4833 invoked from network); 21 Feb 2004 02:08:41 -0000 Received: from 66.152.48-163.ded.btitelecom.net (HELO systemics.com) (66.152.48.163) by relay.pair.com with SMTP; 21 Feb 2004 02:08:41 -0000 X-pair-Authenticated: 66.152.48.163 Message-ID: <4036BCC1.8090607@systemics.com> Date: Fri, 20 Feb 2004 21:04:49 -0500 From: Ian Grigg User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6b) Gecko/20040113 Thunderbird/0.4 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Jon Callas CC: ietf-openpgp@imc.org, David Shaw Subject: Re: Let's resolve the end-of-line and whitespace question References: <20040211205055.GB18221@jabberwocky.com> <402ACDDE.4050207@systemics.com> <403624B7.8010007@systemics.com> <5EE6E39A-63F8-11D8-9A2E-000A9568596C@callas.org> In-Reply-To: <5EE6E39A-63F8-11D8-9A2E-000A9568596C@callas.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Jon Callas wrote: > ... It sounds like Unicode whitespace may be a huge can of worms. From the little research I did, I couldn't find any help in "defining Unicode whitespace," so, yes, I agree it will be a huge can of worms. (Unicode in any context is a mess, but it seems clear that we need something, so UTF-8 it is.) > Alternatively, we could just say trim anything that's <= 0x20, which is > a simple enough thing that solves some obvious attacks with backspacing > and bare CRs to overstrike. Good point, that would get my vote. I'd prefer the "chars <= 0x20" test as it is very clear, easy to code, and it resolves what one does when some spurious unprintable char we haven't thought about comes into play. I hadn't thought about backspaces... (other mail:) > The 2440 change in text signatures (adding in whitespace trimming) was > one of a number of small things there that were debated as to what the > right thing should be, rather than what went before. There are many good > reasons for removing trailing whitespace at the end of anything that's > text mode. It's the sort of thing that gets mangled easily and > undetectably, as well as a covert channel. (I come from an era in which > is was common practice for text editors to trim trailing whitespace when > saving a file, and consider it a feature rather than a bug.) It may be that the era is not dead. There are a number of scenarios that either add or change whitespace on the ends of lines; cut&paste does it in circumstances which are too boring to research. > However, I'd be perfectly happy to settle it once and for all by saying > only normalize line ends, even. We can just not worry about the > whitespace. In short, if the consensus here is that however well-meaning > that change was, it was a bad idea, it's easy to fix. I can see that > Unicode issues might turn this into a swamp in ways that just trimming > spaces and tabs isn't. My vote would be to trim whitespace and normalise line endines to CR/NL, where whitespace is <=0x20: Also, any trailing whitespace (characters <= 0x20) at the end of any line is ignored when the cleartext signature is calculated. I think there should be a comment in there that indicates what to do with Unicode, just to show we thought about it, and not waste people's time asking the question when they are implementing. Something like: Unicode whitespace, where defined, SHOULD NOT be ignored. Or, No Unicode whitespace characters are defined. Leaving open the possibility of defining them in an update? iang Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1KMxPlI035010; Fri, 20 Feb 2004 14:59:25 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1KMxP3S035009; Fri, 20 Feb 2004 14:59:25 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from merrymeet.com ([63.73.97.162]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1KMxOlE035003 for ; Fri, 20 Feb 2004 14:59:24 -0800 (PST) (envelope-from jon@callas.org) Received: from bletchley.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server 3.2.3) for ; Fri, 20 Feb 2004 14:59:25 -0800 Received: from [192.168.2.235] ([63.251.255.25]) by bletchley.merrymeet.com (PGP Universal service); Fri, 20 Feb 2004 14:59:28 -0800 In-Reply-To: <403624B7.8010007@systemics.com> References: <20040211205055.GB18221@jabberwocky.com> <402ACDDE.4050207@systemics.com> <403624B7.8010007@systemics.com> Mime-Version: 1.0 (Apple Message framework v612) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: <5EE6E39A-63F8-11D8-9A2E-000A9568596C@callas.org> Content-Transfer-Encoding: 7bit Cc: ietf-openpgp@imc.org, David Shaw From: Jon Callas Subject: Re: Let's resolve the end-of-line and whitespace question Date: Fri, 20 Feb 2004 14:59:00 -0800 To: Ian Grigg X-Mailer: Apple Mail (2.612) Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: > Alternatively, if the WG has decided to define > UTF-8 whitespace and strip it from cleartext, is > that something that happened in Seoul? Are there > notes on this? > Seoul hasn't happened yet. It happens in a couple of weeks. I'm not going to be there, so we'll all need an update of what gets discussed there. Before then, however, I have a proposal: How about if we remove any whitespace things, and just canonicalize line ends? It sounds like Unicode whitespace may be a huge can of worms. Alternatively, we could just say trim anything that's <= 0x20, which is a simple enough thing that solves some obvious attacks with backspacing and bare CRs to overstrike. Jon Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1KMsndG034455; Fri, 20 Feb 2004 14:54:49 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1KMsnvi034453; Fri, 20 Feb 2004 14:54:49 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from merrymeet.com ([63.73.97.162]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1KMsl35034446 for ; Fri, 20 Feb 2004 14:54:48 -0800 (PST) (envelope-from jon@callas.org) Received: from bletchley.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server 3.2.3) for ; Fri, 20 Feb 2004 14:54:47 -0800 Received: from [192.168.2.235] ([63.251.255.25]) by bletchley.merrymeet.com (PGP Universal service); Fri, 20 Feb 2004 14:54:49 -0800 In-Reply-To: <20040211205055.GB18221@jabberwocky.com> References: <20040211205055.GB18221@jabberwocky.com> Mime-Version: 1.0 (Apple Message framework v612) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: Content-Transfer-Encoding: 7bit Cc: ietf-openpgp@imc.org From: Jon Callas Subject: Re: Let's resolve the end-of-line and whitespace question Date: Fri, 20 Feb 2004 14:54:49 -0800 To: David Shaw X-Mailer: Apple Mail (2.612) Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: > 1) 2440 says of the canonical text signature (sigclass 0x01): > > The signature is calculated over the text data with its line > endings converted to and trailing blanks removed. > > This is different than what every version of PGP though 8 does. > These implementations do the line endings, but do not > remove trailing blanks (essentially PGP 2.x behavior). > I'm happy to consider this a bug, myself, if consensus says that's what the behavior should be. This is probably a case where there's code in there that was written by either Derek or Peter Gutmann and no one's changed it since then. :-) > 2) 2440 says of the cleartext signature: > > Also, any trailing whitespace (spaces, and tabs, 0x09) at the > end of any line is ignored when the cleartext signature is > calculated. > > Again, PGP through 8 implements this differently than 2440 says, > where trailing spaces are removed, but trailing tabs are not > (again, PGP 2.x behavior). > > I've seen comments that these details were inadvertent errors in 2440 > that would have or should have been fixed, and requests to the WG the > change these two details in 2440bis to match the historical PGP > behavior (after all, PGP 5 predates 2440 and there is a huge installed > base of PGP 5-8). I've also seen comments that the WG mustn't change > the published standard this many years after the fact to match > behavior already declared noncompliant. No, this is not an inadvertent error. It was an intentional change. PGP 5 did predate 2440 and there are a number of small changes between its behavior and what's in 2440. Moreover, this version is now seven years old and has not been supported in so long that I can't even remember how long it has been unsupported. It is not 2440-compliant, can't be because it predated 2440, is not supported by its producer, and really isn't germane to any discussion of 2440. Please stop bringing it up. It's dead. Thank you, I feel much better now. The 2440 change in text signatures (adding in whitespace trimming) was one of a number of small things there that were debated as to what the right thing should be, rather than what went before. There are many good reasons for removing trailing whitespace at the end of anything that's text mode. It's the sort of thing that gets mangled easily and undetectably, as well as a covert channel. (I come from an era in which is was common practice for text editors to trim trailing whitespace when saving a file, and consider it a feature rather than a bug.) However, I'd be perfectly happy to settle it once and for all by saying only normalize line ends, even. We can just not worry about the whitespace. In short, if the consensus here is that however well-meaning that change was, it was a bad idea, it's easy to fix. I can see that Unicode issues might turn this into a swamp in ways that just trimming spaces and tabs isn't. > Jon Callas pointed out in... I'll repeat a broader opinion I have on this. I think that text mode should be an assurance that the signed data is in a particular format, so that it can be handled accurately, not a commentary on how to canonicalize. The reasons I think this is a good idea are that it be an assurance include: * If it's just an assurance, then you verify a signature the same way for text mode and binary mode. This is better for the code in a lot of ways. * If it's just an assurance, and the assurance is wrong (because of bugs or incompatibilities), then you end up with a good signature over data that isn't exactly in the format you wanted. This is a much better failure mode than getting good data, but not knowing how to verify the data. It's a fail-soft situation. Jon Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1KGJJem012367; Fri, 20 Feb 2004 08:19:19 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1KGJJH5012365; Fri, 20 Feb 2004 08:19:19 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from smtp3.hushmail.com (smtp3.hushmail.com [65.39.178.135]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1KGJIjq012358 for ; Fri, 20 Feb 2004 08:19:18 -0800 (PST) (envelope-from vedaal@hush.com) Received: from mailserver2.hushmail.com (mailserver2.hushmail.com [65.39.178.21]) by smtp3.hushmail.com (Postfix) with ESMTP id 1B8DE10E77E for ; Fri, 20 Feb 2004 08:19:20 -0800 (PST) Received: from mailserver2.hushmail.com (localhost.hushmail.com [127.0.0.1]) by mailserver2.hushmail.com (8.12.6/8.12.3) with ESMTP id i1KGJKKs024011 for ; Fri, 20 Feb 2004 08:19:20 -0800 (PST) (envelope-from vedaal@hush.com) Received: (from nobody@localhost) by mailserver2.hushmail.com (8.12.6/8.12.3/Submit) id i1KGJKqT024010 for ietf-openpgp@imc.org; Fri, 20 Feb 2004 08:19:20 -0800 (PST) Message-Id: <200402201619.i1KGJKqT024010@mailserver2.hushmail.com> Date: Fri, 20 Feb 2004 08:19:20 -0800 To: ietf-openpgp@imc.org Cc: Subject: Re: Let's resolve the end-of-line and whitespace question From: Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: >So a way through this may be to say, in the >context of cleartext signatures: > > a) us-ascii whitespace is always stripped from > the end of lines in signature calculation, > both in signing and verification. > > b) UTF-8 whitespace may be stripped from the > end of lines in signing, but in this case, the > document should be transmitted in its clean > interchange form, with these characters > cleaned from the end of lines, so that the > recipient can calculate (verify) correctly. as this is an area of potential confusion that may appear to render a clearsigned message signature 'bad' , then would it be advisable/feasible to add a packet to clearsigned messages, that would include the whitespace parameters used by the implemenatation, as well as the total number of lines, columns,and 'empty' whitespace lines of the final clearsigned text (counting from the header of the message, to the header of the signature) this would allow for a simple reconstruction of the message, back into proper verifiable form, no matter how mangled it might be by various e-mail client and re-mailers, vedaal Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Promote security and make money with the Hushmail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1KG0Gfa010961; Fri, 20 Feb 2004 08:00:16 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1KG0GU5010960; Fri, 20 Feb 2004 08:00:16 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from zbasel.fortytwo.ch (zbasel.fortytwo.ch [212.254.206.135]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1KG0F0c010952 for ; Fri, 20 Feb 2004 08:00:15 -0800 (PST) (envelope-from avbidder@fortytwo.ch) Received: from onaras.ch (zux174-013.adsl.green.ch [80.254.174.13]) by zbasel.fortytwo.ch (Postfix) with ESMTP id B2506840 for ; Fri, 20 Feb 2004 17:00:14 +0100 (CET) From: Adrian von Bidder To: ietf-openpgp@imc.org Subject: Re: Let's resolve the end-of-line and whitespace question Date: Fri, 20 Feb 2004 17:00:07 +0100 User-Agent: KMail/1.6 References: <403624B7.8010007@systemics.com> In-Reply-To: <403624B7.8010007@systemics.com> MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Boundary-02=_M8iNANtGf/a2RrR"; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200402201700.12759@fortytwo.ch> Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: --Boundary-02=_M8iNANtGf/a2RrR Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Friday 20 February 2004 16.16, Ian Grigg wrote: > b) UTF-8 whitespace may be stripped from the > end of lines in signing, but in this case, the > document should be transmitted in its clean > interchange form, with these characters > cleaned from the end of lines, so that the > recipient can calculate (verify) correctly. s/transmitted/signed/ perhaps? Perhaps just state that the behaviour of OpenPGP implementations wrt non-as= cii=20 whitespace at EOL is undefined, thus signing such texts should be avoided (= by=20 removing/encoding such ws)? cheers =2D- vbi =2D-=20 Dogs just don't seem to be able to tell the difference between important=20 people and the rest of us. --Boundary-02=_M8iNANtGf/a2RrR Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iKcEABECAGcFAkA2LwxgGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjUmbWQ1c3VtPTVkZmY4NjhkMTE4NDMyNzYw NzFiMjVlYjcwMDZkYTNlAAoJECqqZti935l6gg8AnjKUskRyUCZwqx115BOup+CB DmImAKCglWtAidkJVHqzDUygS5niDsQwOw== =9iLa -----END PGP SIGNATURE----- --Boundary-02=_M8iNANtGf/a2RrR-- Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1KFK6V8008542; Fri, 20 Feb 2004 07:20:06 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1KFK6Xg008541; Fri, 20 Feb 2004 07:20:06 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from relay.pair.com (relay.pair.com [209.68.1.20]) by above.proper.com (8.12.11/8.12.8) with SMTP id i1KFK55F008535 for ; Fri, 20 Feb 2004 07:20:05 -0800 (PST) (envelope-from iang@systemics.com) Received: (qmail 57396 invoked from network); 20 Feb 2004 15:20:05 -0000 Received: from softdnserror (HELO systemics.com) (216.26.241.29) by relay.pair.com with SMTP; 20 Feb 2004 15:20:05 -0000 X-pair-Authenticated: 216.26.241.29 Message-ID: <403624B7.8010007@systemics.com> Date: Fri, 20 Feb 2004 10:16:07 -0500 From: Ian Grigg User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6b) Gecko/20040113 Thunderbird/0.4 X-Accept-Language: en-us, en MIME-Version: 1.0 To: ietf-openpgp@imc.org CC: Jon Callas , Ian Grigg , David Shaw Subject: Re: Let's resolve the end-of-line and whitespace question References: <20040211205055.GB18221@jabberwocky.com> <402ACDDE.4050207@systemics.com> In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Jon Callas wrote: >> a) it would be useful if the whitespace were >> clarified to eliminate potential Unicode white >> space. >> >> >> > > If someone will let me know what they are, I'll put them in. The above thread seems to have been renumbered to be this one: http://www.imc.org/ietf-openpgp/mail-archive/msg04791.html http://www.imc.org/ietf-openpgp/mail-archive/msg04793.html Here's a summary: UTF-8 character sets can include whitespace in seemingly arbitrary fashions. As the UTF-8 space is very large, it seems unreasonable for the OpenPGP WG to attempt to track what is whitespace from a complete, UTF-8, point of view. However, whitespace is declared as being stripped, and the implication in the rfc2440 document is that this is declared to be common us-ascii formats, explicitly. So a way through this may be to say, in the context of cleartext signatures: a) us-ascii whitespace is always stripped from the end of lines in signature calculation, both in signing and verification. b) UTF-8 whitespace may be stripped from the end of lines in signing, but in this case, the document should be transmitted in its clean interchange form, with these characters cleaned from the end of lines, so that the recipient can calculate (verify) correctly. Ref: Jon Callas, http://www.imc.org/ietf-openpgp/mail-archive/msg03753.html which would merit being included as a policy within the rfc2440 (that is, cleartext sig preparation should change documents into the interchange format, and thus strip whitespace proactively). c) us-ascii whitespace is defined to be, for the purposes of RFC2440 cleartext signature calculations, a) above, to be: 1. space (0x20), tab (0x09), nl (0x0a), cr (0x0d) ... 2. everything <= 0x20, or 3. or... (pick one) - the essence being here that the document does not define which it is. Assuming this is acceptable to the WG, the above messages include some example suggested text (now 04791, 04793; which google previously recorded as 07728, 07718). Alternatively, if the WG has decided to define UTF-8 whitespace and strip it from cleartext, is that something that happened in Seoul? Are there notes on this? iang Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1KEhLOX006221; Fri, 20 Feb 2004 06:43:21 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1KEhLIT006220; Fri, 20 Feb 2004 06:43:21 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from relay.pair.com (relay.pair.com [209.68.1.20]) by above.proper.com (8.12.11/8.12.8) with SMTP id i1KEhK7b006214 for ; Fri, 20 Feb 2004 06:43:20 -0800 (PST) (envelope-from iang@systemics.com) Received: (qmail 36031 invoked from network); 20 Feb 2004 14:43:21 -0000 Received: from softdnserror (HELO systemics.com) (216.26.241.29) by relay.pair.com with SMTP; 20 Feb 2004 14:43:21 -0000 X-pair-Authenticated: 216.26.241.29 Message-ID: <40361C22.1080102@systemics.com> Date: Fri, 20 Feb 2004 09:39:30 -0500 From: Ian Grigg User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6b) Gecko/20040113 Thunderbird/0.4 X-Accept-Language: en-us, en MIME-Version: 1.0 To: ietf-openpgp@imc.org Subject: Archive - missing messages Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: > The archive seems to have lost messages. The above is one example, here is another example: http://www.imc.org/ietf-openpgp/mail-archive/msg07728.html Which I found via google's cache: http://216.239.37.104/search?q=cache:quo_BiiFchkJ:www.imc.org/ietf-openpgp/mail-archive/msg07728.html+whitespace+UTF-8+Grigg+&hl=en&ie=UTF-8 Anyone have any clue as to what is happening? Is this a permanent loss or a glitch or what? iang Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1JJSICW073786; Thu, 19 Feb 2004 11:28:18 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1JJSCJf073784; Thu, 19 Feb 2004 11:28:12 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from merrymeet.com ([63.73.97.162]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1JJSA3j073777 for ; Thu, 19 Feb 2004 11:28:11 -0800 (PST) (envelope-from jon@callas.org) Received: from bletchley.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server 3.2.3) for ; Thu, 19 Feb 2004 11:28:04 -0800 Received: from [63.73.97.180] ([63.73.97.180]) by bletchley.merrymeet.com (PGP Universal service); Thu, 19 Feb 2004 11:28:11 -0800 In-Reply-To: <402ACDDE.4050207@systemics.com> References: <20040211205055.GB18221@jabberwocky.com> <402ACDDE.4050207@systemics.com> Mime-Version: 1.0 (Apple Message framework v612) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: Content-Transfer-Encoding: 7bit Cc: ietf-openpgp@imc.org, David Shaw From: Jon Callas Subject: Re: Let's resolve the end-of-line and whitespace question Date: Thu, 19 Feb 2004 11:27:30 -0800 To: Ian Grigg X-Mailer: Apple Mail (2.612) Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: > a) it would be useful if the whitespace were > clarified to eliminate potential Unicode white > space. > > > If someone will let me know what they are, I'll put them in. Jon Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1C0sMiI004928; Wed, 11 Feb 2004 16:54:22 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1C0sMKR004927; Wed, 11 Feb 2004 16:54:22 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from relay.pair.com (relay.pair.com [209.68.1.20]) by above.proper.com (8.12.11/8.12.8) with SMTP id i1C0sLoJ004921 for ; Wed, 11 Feb 2004 16:54:21 -0800 (PST) (envelope-from iang@systemics.com) Received: (qmail 92967 invoked from network); 12 Feb 2004 00:54:35 -0000 Received: from 66.152.48-244.ded.btitelecom.net (HELO systemics.com) (66.152.48.244) by relay.pair.com with SMTP; 12 Feb 2004 00:54:35 -0000 X-pair-Authenticated: 66.152.48.244 Message-ID: <402ACDDE.4050207@systemics.com> Date: Wed, 11 Feb 2004 19:50:38 -0500 From: Ian Grigg User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6b) Gecko/20040113 Thunderbird/0.4 X-Accept-Language: en-us, en MIME-Version: 1.0 To: ietf-openpgp@imc.org CC: David Shaw Subject: Re: Let's resolve the end-of-line and whitespace question References: <20040211205055.GB18221@jabberwocky.com> In-Reply-To: <20040211205055.GB18221@jabberwocky.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: David Shaw wrote: > I'm not going to be in Seoul, but one thing I think would be good to > be discussed, whether on this list, in Seoul, or both, is the textmode > end-of-line and whitespace issues. I'd agree that it needs to be tightened up. > This is not a severe interoperability problem by any means, but is an > annoyance that pops up now and again, and I think contributes in a > small way to the poor interoperability reputation that OpenPGP has. Right. For many cases, I guess this may be a nuisance. For my case, it is critical functionality, and from time to time, we've had to re-roll contracts to cope with this, and/or put in complicated heuristics into code to verify using multiple methods. (The preferred path at the moment is to change the source file such that whitespace is removed, but that's not really possible for most apps.) > 1) 2440 says of the canonical text signature (sigclass 0x01): > > The signature is calculated over the text data with its line > endings converted to and trailing blanks removed. > > This is different than what every version of PGP though 8 does. > These implementations do the line endings, but do not > remove trailing blanks (essentially PGP 2.x behavior). > > 2) 2440 says of the cleartext signature: > > Also, any trailing whitespace (spaces, and tabs, 0x09) at the > end of any line is ignored when the cleartext signature is > calculated. Two notes: a) it would be useful if the whitespace were clarified to eliminate potential Unicode white space. b) it would make some sort of sense, if any real changes were made, to unify the definition of whitespace to be the same in both. But this is minor, as one would think that we were not anticipating any functional change to 2440bis at this stage. > I've seen comments that these details were inadvertent errors in 2440 > that would have or should have been fixed, and requests to the WG the > change these two details in 2440bis to match the historical PGP > behavior (after all, PGP 5 predates 2440 and there is a huge installed > base of PGP 5-8). I've also seen comments that the WG mustn't change > the published standard this many years after the fact to match > behavior already declared noncompliant. The two implementations that I deal with both implement 2440bis as the (best available) standard. If 2440 has to be changed, then a lot of implementations would have to be as well; it's long since past that it was routine to treat the behaviour of pgp as a de facto standard. Also, anecdotally, I think gpg has a pretty significant market share these days, so we would have to quote what behaviour it follows if there was to be any change in 2440. > As for me, I don't really have strong feelings for any particular > outcome of this. What I do care about is that once 2440bis is > published, that it is clear what the "right" way to do things is and > that there will not be questions later. I don't want it suggested > that the issue wasn't looked at. I agree. > Jon Callas pointed out in > , > .... I agree with the thrust of this. Text should be sent in the interchange format, and signatures should be immediately verifiable on the data as delivered. It does mean that an implementation should send data with whitespace trimmed, though. And, that verification MAY try additional trimming if it hasn't been already trimmed by a non-conforming signer. It would be nice to get such explanation into 2440bis. iang Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1BKs5ix088255; Wed, 11 Feb 2004 12:54:05 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1BKs5Oc088254; Wed, 11 Feb 2004 12:54:05 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from foobar.cs.jhu.edu (foobar.cs.jhu.edu [128.220.13.173]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1BKs1YV088242 for ; Wed, 11 Feb 2004 12:54:04 -0800 (PST) (envelope-from dshaw@jabberwocky.com) Received: from claude.jabberwocky.com (walrus.ne.client2.attbi.com [24.60.132.70]) by foobar.cs.jhu.edu (8.11.6/8.11.6) with ESMTP id i1BKsDS02561 for ; Wed, 11 Feb 2004 15:54:14 -0500 Received: (from dshaw@localhost) by claude.jabberwocky.com (8.11.6/8.11.6) id i1BKotJ19441 for ietf-openpgp@imc.org; Wed, 11 Feb 2004 15:50:55 -0500 Date: Wed, 11 Feb 2004 15:50:55 -0500 From: David Shaw To: ietf-openpgp@imc.org Subject: Let's resolve the end-of-line and whitespace question Message-ID: <20040211205055.GB18221@jabberwocky.com> Mail-Followup-To: ietf-openpgp@imc.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560 X-Request-PGP: http://www.jabberwocky.com/david/keys.asc X-Phase-Of-Moon: The Moon is Waxing Gibbous (95% of Full) User-Agent: Mutt/1.5.6i Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: I'm not going to be in Seoul, but one thing I think would be good to be discussed, whether on this list, in Seoul, or both, is the textmode end-of-line and whitespace issues. This is not a severe interoperability problem by any means, but is an annoyance that pops up now and again, and I think contributes in a small way to the poor interoperability reputation that OpenPGP has. As I understand it, there are actually two different problems here. I'll take them in order: 1) 2440 says of the canonical text signature (sigclass 0x01): The signature is calculated over the text data with its line endings converted to and trailing blanks removed. This is different than what every version of PGP though 8 does. These implementations do the line endings, but do not remove trailing blanks (essentially PGP 2.x behavior). 2) 2440 says of the cleartext signature: Also, any trailing whitespace (spaces, and tabs, 0x09) at the end of any line is ignored when the cleartext signature is calculated. Again, PGP through 8 implements this differently than 2440 says, where trailing spaces are removed, but trailing tabs are not (again, PGP 2.x behavior). I've seen comments that these details were inadvertent errors in 2440 that would have or should have been fixed, and requests to the WG the change these two details in 2440bis to match the historical PGP behavior (after all, PGP 5 predates 2440 and there is a huge installed base of PGP 5-8). I've also seen comments that the WG mustn't change the published standard this many years after the fact to match behavior already declared noncompliant. As for me, I don't really have strong feelings for any particular outcome of this. What I do care about is that once 2440bis is published, that it is clear what the "right" way to do things is and that there will not be questions later. I don't want it suggested that the issue wasn't looked at. Jon Callas pointed out in , that if programs would just put their particular variation on canonical text in the literal data packet accompanying the signature, then a lot of the problems just go away. This is a good point, and is, in fact, what both PGP and GnuPG do, which is one reason why #1 hasn't been a larger problem. Unfortunately, this practice does not handle canonical text detached signatures or cleartext signatures, as these have no literal data packet. On the brighter side, this practice means that changing one program's behavior to match the other would not be a major backwards compatibility problem. David Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1BJYEal083593; Wed, 11 Feb 2004 11:34:14 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i1BJYD7d083592; Wed, 11 Feb 2004 11:34:13 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from dogbert.ihtfp.org (me@DOGBERT.IHTFP.ORG [204.107.200.33]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i1BJYCMj083586 for ; Wed, 11 Feb 2004 11:34:12 -0800 (PST) (envelope-from warlord@MIT.EDU) Received: (from warlord@localhost) by dogbert.ihtfp.org (8.12.9) id i1BJYQtk007551; Wed, 11 Feb 2004 14:34:26 -0500 To: ietf-openpgp@imc.org Subject: Meeting in Seoul: Timeslot acquired. Second call for agenda items. From: Derek Atkins Date: Wed, 11 Feb 2004 14:34:26 -0500 In-Reply-To: (Derek Atkins's message of "Fri, 30 Jan 2004 14:01:43 -0500") Message-ID: User-Agent: Gnus/5.1003 (Gnus v5.10.3) Emacs/21.1 (gnu/linux) References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: I've acquired a one-hour timeslot in Seoul: This is to confirm that OPENPGP is currently scheduled on Tuesday, March 2 at 1300-1400 Other groups scheduled at that time are: webdav, l3vpn, dnsop, nsis The current agenda has two items: 1) 2440bis status - current state (jon via derek, unless jon can make it) - list of issues (derek) 2) updating the charter/milestones (derek) If you have other items to discuss, please let me know so I can add them to the agenda. I need to submit the agenda by Feb 24th. -derek -- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i15M527W055442; Thu, 5 Feb 2004 14:05:02 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i15M52pe055441; Thu, 5 Feb 2004 14:05:02 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from mail.enyo.de (mail.enyo.de [212.9.189.167]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i15M50Ah055428 for ; Thu, 5 Feb 2004 14:05:01 -0800 (PST) (envelope-from fw@deneb.enyo.de) Received: (debugging) helo=deneb.enyo.de ip=212.9.189.171 name=deneb.enyo.de Received: from deneb.enyo.de ([212.9.189.171]) by mail.enyo.de with esmtp id 1Aord2-0003bx-Bl for ietf-openpgp@imc.org; Thu, 05 Feb 2004 23:05:44 +0100 Received: from fw by deneb.enyo.de with local (Exim 4.30) id 1AorcT-00044R-9A for ietf-openpgp@imc.org; Thu, 05 Feb 2004 23:05:09 +0100 Date: Thu, 5 Feb 2004 23:05:09 +0100 To: ietf-openpgp@imc.org Subject: Re: Trust Packets Message-ID: <20040205220509.GA15608@deneb.enyo.de> References: <200402041428.i14EShf15869@cs.auckland.ac.nz> <20040205162536.GA27038@jabberwocky.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040205162536.GA27038@jabberwocky.com> User-Agent: Mutt/1.5.5.1+cvs20040105i From: Florian Weimer Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: David Shaw wrote: > > On Wed, Feb 04, 2004 at 04:48:42PM +0100, Simon Josefsson wrote: > > > What we need is a way to embed those MPEG files in OpenPGP keys. :-) > > I can just see it: a "movie" attribute. It's called "logotype" and X.509 has it. 8-) Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i15Hc8L6036284; Thu, 5 Feb 2004 09:38:08 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i15Hc82G036283; Thu, 5 Feb 2004 09:38:08 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from smtp3.hushmail.com (smtp3.hushmail.com [65.39.178.135]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i15Hc7x9036275 for ; Thu, 5 Feb 2004 09:38:07 -0800 (PST) (envelope-from vedaal@hush.com) Received: from mailserver3.hushmail.com (mailserver3.hushmail.com [65.39.178.45]) by smtp3.hushmail.com (Postfix) with ESMTP id A0B0A10E608 for ; Thu, 5 Feb 2004 09:38:16 -0800 (PST) Received: (from nobody@localhost) by mailserver3.hushmail.com (8.12.8p1/8.12.8/Submit) id i15HZNWZ000626 for ietf-openpgp@imc.org; Thu, 5 Feb 2004 09:35:23 -0800 (PST) Message-Id: <200402051735.i15HZNWZ000626@mailserver3.hushmail.com> Date: Thu, 5 Feb 2004 09:35:23 -0800 To: ietf-openpgp@imc.org Cc: Subject: Re: Trust Packets From: Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: On Thu, 05 Feb 2004 08:25:36 -0800 David Shaw wrote: > >On Wed, Feb 04, 2004 at 04:48:42PM +0100, Simon Josefsson wrote: > >> What we need is a way to embed those MPEG files in OpenPGP keys. >:-) > >I can just see it: a "movie" attribute. "Hi! I'm David, and my >fingerprint is...." and then stego a symmetrically encrypted file of the secret key, passphrase, and revocation certificate right into it ;-) vedaal Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Promote security and make money with the Hushmail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i15GS8lE030547; Thu, 5 Feb 2004 08:28:08 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i15GS85j030546; Thu, 5 Feb 2004 08:28:08 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from foobar.cs.jhu.edu (foobar.cs.jhu.edu [128.220.13.173]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i15GS7SC030539 for ; Thu, 5 Feb 2004 08:28:07 -0800 (PST) (envelope-from dshaw@jabberwocky.com) Received: from claude.jabberwocky.com (walrus.ne.client2.attbi.com [24.60.132.70]) by foobar.cs.jhu.edu (8.11.6/8.11.6) with ESMTP id i15GSAS15244 for ; Thu, 5 Feb 2004 11:28:15 -0500 Received: (from dshaw@localhost) by claude.jabberwocky.com (8.11.6/8.11.6) id i15GPa827070 for ietf-openpgp@imc.org; Thu, 5 Feb 2004 11:25:36 -0500 Date: Thu, 5 Feb 2004 11:25:36 -0500 From: David Shaw To: ietf-openpgp@imc.org Subject: Re: Trust Packets Message-ID: <20040205162536.GA27038@jabberwocky.com> Mail-Followup-To: ietf-openpgp@imc.org References: <200402041428.i14EShf15869@cs.auckland.ac.nz> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560 X-Request-PGP: http://www.jabberwocky.com/david/keys.asc X-Phase-Of-Moon: The Moon is Waxing Gibbous (99% of Full) User-Agent: Mutt/1.5.6i Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: On Wed, Feb 04, 2004 at 04:48:42PM +0100, Simon Josefsson wrote: > What we need is a way to embed those MPEG files in OpenPGP keys. :-) I can just see it: a "movie" attribute. "Hi! I'm David, and my fingerprint is...." David Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i14Fmo0q060665; Wed, 4 Feb 2004 07:48:50 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i14FmoPt060663; Wed, 4 Feb 2004 07:48:50 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from yxa.extundo.com (178.230.13.217.in-addr.dgcsystems.net [217.13.230.178]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i14FmjjD060656 for ; Wed, 4 Feb 2004 07:48:49 -0800 (PST) (envelope-from jas@extundo.com) Received: from latte.josefsson.org (yxa.extundo.com [217.13.230.178]) (authenticated bits=0) by yxa.extundo.com (8.12.10/8.12.10) with ESMTP id i14FmhMe016694 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Wed, 4 Feb 2004 16:48:44 +0100 To: pgut001@cs.auckland.ac.nz (Peter Gutmann) Cc: ietf-openpgp@imc.org Subject: Re: Trust Packets References: <200402041428.i14EShf15869@cs.auckland.ac.nz> From: Simon Josefsson X-Hashcash: 0:040204:pgut001@cs.auckland.ac.nz:8b56e117238d4c8d X-Hashcash: 0:040204:ietf-openpgp@imc.org:57decbed521a0bb1 Date: Wed, 04 Feb 2004 16:48:42 +0100 In-Reply-To: <200402041428.i14EShf15869@cs.auckland.ac.nz> (Peter Gutmann's message of "Thu, 5 Feb 2004 03:28:43 +1300") Message-ID: User-Agent: Gnus/5.110002 (No Gnus v0.2) Emacs/21.3.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: pgut001@cs.auckland.ac.nz (Peter Gutmann) writes: >>(The database contained the equivalent of ~2GB PGP keyrings worth of data, >>although the machine had enough memory to store the entire database in RAM.) > > Yeah, well that would help a bit :-). I guess. But it was the largest OpenPGP key database I could find; a snapshot of the key ring from some global PGP key database (100 ~22GB files, dated from 2002 or so -- if this sounds like it might have been truncated I'd appreciate being informed). So even if I agree the database is small by todays RAM size standards, I don't believe it was a toy database, so the data point can't be that irrelevant. And I'd also imagine someone building a serious production server have more memory in their servers than a modern desktop PC like mine. (For reference, my database was PostgreSQL, I didn't apply any performance tweaks.) What we need is a way to embed those MPEG files in OpenPGP keys. :-) Regards, Simon Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i14ESoPN054703; Wed, 4 Feb 2004 06:28:50 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i14ESowj054702; Wed, 4 Feb 2004 06:28:50 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from smtp.cs.auckland.ac.nz (smtp.cs.auckland.ac.nz [130.216.33.151]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i14ESjvH054689 for ; Wed, 4 Feb 2004 06:28:48 -0800 (PST) (envelope-from pgut001@cs.auckland.ac.nz) Received: from cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33]) by smtp.cs.auckland.ac.nz (Postfix) with ESMTP id B89873404E; Thu, 5 Feb 2004 03:27:37 +1300 (NZDT) Received: (from pgut001@localhost) by cs.auckland.ac.nz (8.11.6/8.11.6) id i14EShf15869; Thu, 5 Feb 2004 03:28:43 +1300 Date: Thu, 5 Feb 2004 03:28:43 +1300 Message-Id: <200402041428.i14EShf15869@cs.auckland.ac.nz> From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: ietf-openpgp@imc.org, jas@extundo.com Subject: Re: Trust Packets Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Simon Josefsson writes: >pgut001@cs.auckland.ac.nz (Peter Gutmann) writes: >> I've thought about this a bit in the past (I use databases to store >> other types of keys) but because of the free-form association of >> different bits and pieces of keys with identifying information I >> can't think of any easy way to do it unless you use a multi-level >> lookup. That is, you can't do a: >> >> SELECT key FROM table WHERE email = foo >> >> because there could be an arbitrary number of email addresses attached to a >> key, and there could be an arbitrary number of keys associated with an email >> address. So you need something like: >> >> SELECT keyID FROM indexTable WHERE email = foo >> SELECT key FROM sigKeyTable WHERE keyID = foo >> >> which isn't very efficient (multiple tables, multi-level lookups, etc etc). > >Have you tried this and found that performance is the most performance >critical area? I hadn't really checked it, because the code could end up plugged into almost any database type (via ODBC) on any kind of system, I wasn't sure that results for one particular environment would be terribly useful. For example if you can tell the back-end (via SQL hinting) to use a hashed index held in RAM it'd be pretty quick. If you end up with a linear scan on disk, it'd be pretty awful. >(The database contained the equivalent of ~2GB PGP keyrings worth of data, >although the machine had enough memory to store the entire database in RAM.) Yeah, well that would help a bit :-). Peter. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i13DV2w7082065; Tue, 3 Feb 2004 05:31:02 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i13DV25V082064; Tue, 3 Feb 2004 05:31:02 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from foobar.cs.jhu.edu (foobar.cs.jhu.edu [128.220.13.173]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i13DV1D3082058 for ; Tue, 3 Feb 2004 05:31:01 -0800 (PST) (envelope-from dshaw@jabberwocky.com) Received: from claude.jabberwocky.com (walrus.ne.client2.attbi.com [24.60.132.70]) by foobar.cs.jhu.edu (8.11.6/8.11.6) with ESMTP id i13DV2S06049 for ; Tue, 3 Feb 2004 08:31:02 -0500 Received: (from dshaw@localhost) by claude.jabberwocky.com (8.11.6/8.11.6) id i13DSeX27504 for ietf-openpgp@imc.org; Tue, 3 Feb 2004 08:28:40 -0500 Date: Tue, 3 Feb 2004 08:28:40 -0500 From: David Shaw To: ietf-openpgp@imc.org Subject: Re: SubKey expiration Message-ID: <20040203132840.GF20644@jabberwocky.com> Mail-Followup-To: ietf-openpgp@imc.org References: <4DCE15B9C4E66F4CA967EBF64C53D64D015714@bstn-exch1.forumsys.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4DCE15B9C4E66F4CA967EBF64C53D64D015714@bstn-exch1.forumsys.com> X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560 X-Request-PGP: http://www.jabberwocky.com/david/keys.asc X-Phase-Of-Moon: The Moon is Waxing Gibbous (89% of Full) User-Agent: Mutt/1.5.6i Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: On Mon, Feb 02, 2004 at 09:23:57PM -0500, Hasnain Mujtaba wrote: > What is the need for having two expiration signature subpackets: Key > expiration time and Signature expiration time. Which of these do we > read if we want to know the date when the subkey expires? If the > signature on the subkey has expired then the key is useless and the > value of the the Key expiration time subpacket should not matter and > vice versa, i.e, if the the key expiration time is reached before > the signature expiration time then the key has expired. The subpacket "language" is rich and allows you to express things that don't necessarily make sense in all contexts. In the case of subkeys, if you have a self-signature that expires, it is as if the subkey has no self-signature, and is thus an invalid subkey. If you have a self-signature that has a key expiration subpacket, and the specified time has elapsed, then the subkey is expired. > So, whichever of the two validity dates arrives first, can't we > expire the key based on that? For most purposes, yes. Though an invalid subkey (expired self-signature) and an expired subkey (valid self-signature with a key expiration subpacket) are not the same thing, either one results in a subkey that should not be used. Nevertheless, if you are generating a subkey that expires, use the key expiration subpacket. That's what it is there for. David Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i139iDSg054315; Tue, 3 Feb 2004 01:44:13 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i139iDHL054313; Tue, 3 Feb 2004 01:44:13 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i139iA9F054265 for ; Tue, 3 Feb 2004 01:44:10 -0800 (PST) (envelope-from wk@gnupg.org) Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 3.35 #1 (Debian)) id 1Anx6e-0007f8-00 for ; Tue, 03 Feb 2004 10:44:32 +0100 Received: from wk by alberti.g10code.de with local (Exim 3.36 #1 (Debian)) id 1Anx2v-0001G3-00; Tue, 03 Feb 2004 10:40:41 +0100 To: "Hasnain Mujtaba" Cc: Subject: Re: SubKey expiration References: <4DCE15B9C4E66F4CA967EBF64C53D64D015714@bstn-exch1.forumsys.com> From: Werner Koch Organisation: g10 Code GmbH X-Request-PGP: finger:wk@g10code.com X-PGP-KeyID: 621CC013 Date: Tue, 03 Feb 2004 10:40:40 +0100 In-Reply-To: <4DCE15B9C4E66F4CA967EBF64C53D64D015714@bstn-exch1.forumsys.com> (Hasnain Mujtaba's message of "Mon, 2 Feb 2004 21:23:57 -0500") Message-ID: <878yjkqz53.fsf@alberti.g10code.de> User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/20.7 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: On Mon, 2 Feb 2004 21:23:57 -0500, Hasnain Mujtaba said: > So, whichever of the two validity dates arrives first, can't we expire > the key based on that? If the key binding signature has expired, there is no valid binding signature anymore and thus there is no usable subkey anymore. The subkey did not expire but the effect is the same. Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i132OEox060837; Mon, 2 Feb 2004 18:24:14 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i132OEed060836; Mon, 2 Feb 2004 18:24:14 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from slc-exch-1.forumsys.com (67.107.202.130.ptr.us.xo.net [67.107.202.130]) by above.proper.com (8.12.11/8.12.8) with ESMTP id i132OBgt060803 for ; Mon, 2 Feb 2004 18:24:12 -0800 (PST) (envelope-from hmujtaba@forumsys.com) Received: from bstn-exch1.forumsys.com ([10.5.2.12]) by slc-exch-1.forumsys.com with Microsoft SMTPSVC(5.0.2195.6713); Mon, 2 Feb 2004 19:24:04 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: SubKey expiration Date: Mon, 2 Feb 2004 21:23:57 -0500 Message-ID: <4DCE15B9C4E66F4CA967EBF64C53D64D015714@bstn-exch1.forumsys.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: SubKey expiration Thread-Index: AcPp/FI4t7SwIrRXSgi0tLIZ56jF5A== From: "Hasnain Mujtaba" To: X-OriginalArrivalTime: 03 Feb 2004 02:24:05.0013 (UTC) FILETIME=[CB680C50:01C3E9FC] Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id i132ODgt060830 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Hi all, When does a OpenPGP V4 subkey expire? Is it when the subkey "signature expiration time" arrives or when the subkey "key expiration time" arrives. What is the need for having two expiration signature subpackets: Key expiration time and Signature expiration time. Which of these do we read if we want to know the date when the subkey expires? If the signature on the subkey has expired then the key is useless and the value of the the Key expiration time subpacket should not matter and vice versa, i.e, if the the key expiration time is reached before the signature expiration time then the key has expired. So, whichever of the two validity dates arrives first, can't we expire the key based on that? Is this the reasoning correct? Regards, Hasnain.