[sylpheed:31302] Re: PGP/MIME-signing breaks sig delimiter

Michael Schwendt mschwendt at gmail.com
Mon May 14 18:31:32 JST 2007 

On 14/05/07, Hiroyuki Yamamoto wrote:
>
> >     Multipart/signed and multipart/encrypted are to be treated by
> > agents as opaque, meaning that the data is not to be altered in any
> > way.
> >
> > Stripping off whitespace of the end of lines is in violation with that
> > guideline. I believe Sylpheed ought not try to work around broken
> > PGP/MIME implementation in other MUAs. Instead, it ought to follow
> > RFC2015 and be done.
>
> Whitespace-stripping is done *before* signing, so it is not a violation.

Right. At the sender's side, but not at the recipient's side.

Apparently, based on your later comment, some MUAs *do* alter the
message contents prior to *verifying* the signature.

I didn't say that Sylpheed violates the guideline. Actually, it
doesn't matter whether the user deletes whitespace or whether Sylpheed
does it *before* the mail is passed on to GPGME. It is a normal edit
operation that defines the mail to be sent. But the recipient needs to
perform a matching series of modifications/conversions before it can
verify the signature.

RFC 3156 says:

      In most cases, trailing whitespace can either be removed, or
      protected by applying an appropriate content-transfer-encoding.

Note the "either, or".
And:

      Implementor's note: It cannot be stressed enough that applications
      using this standard follow MIME's suggestion that you "be
      conservative in what you generate, and liberal in what you
      accept."

With regard to "-- ", the way to go would be QP, so the space
character is preserved. The recipient's MUA, however, must not strip
this character either, but decode it and accept it.

> In conclusion, I think it should be reverted to the previous behavior,
> but with some exceptions (if charset=ISO-2022-JP, send with 7bit with
> stripping trailing whitespaces).

If just the whitespace in "-- " is preserved, does that also corrupt
the mail then? Then that still is a case where Sylpheed, by default,
should not try to work around bugs in the recipient's MUA.

More information about the Sylpheed mailing list