7 total messages Started by bontchev@fbihh.i Thu, 04 Feb 1993 19:32
Posting signed messages
#3855
Author: bontchev@fbihh.i
Date: Thu, 04 Feb 1993 19:32
59 lines
2245 bytes
-----BEGIN PGP SIGNED MESSAGE-----

Date:  4 Feb 93 19:32:42 GMT
Hello, everybody!

As maybe some of you have noticed, since some time I am clearsigning
the articles that I am posting to several newsgroups. Since now with
the availability of PGP there -is- a way to sign an electronic message
(and in the same way to authenticate it), I thought that it is a
matter of politeness to sign my messages.

Unfortunately, this seems to create some problems:

1) It increases the net.traffic.

2) Several sites automatically reject messages containing long
signatures, where a "signature" is considered anything below a line
that begins with two dashes.

3) When transferred to some other networks (e.g., FidoNet), messages
that contain lines beginning with several dashes tend to terribly
confuse the mailing software.

I understand that all this is not my fault, but is due to the fact
that:

1) Some software is badly designed (e.g., a "signature" should be
considered to be delimited by a line, containing -exactly- two
dashes).

2) PGP is not designed with the Internet standards in mind and does
not form messages with proper headers, but instead uses some
delimiters inside the message body.

Nevertheless, in order to avoid further confusion, and until a way to
use shorter signatures is designed, I will stop clearsigning my posts.
This will be the last clearsigned article posted by me, until a better
system is designed. If meanwhile somebody needs to check the
authenticity of some of my articles, please send them to me and I'll
sign them and send them back to you via private e-mail.

Sorry for the inconvenience.

Regards,
Vesselin

-----BEGIN PGP SIGNATURE-----
Version: 2.1

iQCVAgUBK3FxtTZWl8Yy3ZjZAQHn1AQAgnvuaA8bsqj+3Pp2XnN+q4kiGMFJ4aWK
gRhYHWCoi33QDiLmA/i7P4g8XuyWS/HCoIEQgAjhAEq28TEM49kfyDy00ItfTqvV
yLLXYKacvI1FK3EhV2v7Ly3QJEN8IULauu53OeO7aC45ed9hBN4TXibpYznWMTWb
OOTSP7FPZhY=/nDQ
-----END PGP SIGNATURE-----
--
Vesselin Vladimirov Bontchev          Virus Test Center, University of Hamburg
Tel.:+49-40-54715-224, Fax: +49-40-54715-226      Fachbereich Informatik - AGN
< PGP 2.1 public key available on request. > Vogt-Koelln-Strasse 30, rm. 107 C
e-mail: bontchev@fbihh.informatik.uni-hamburg.de    D-2000 Hamburg 54, Germany
Re: Posting signed messages
#3856
Author: warlord@MIT.EDU
Date: Thu, 04 Feb 1993 22:08
40 lines
1599 bytes
> I understand that all this is not my fault, but is due to the fact
> that:
>
> 1) Some software is badly designed (e.g., a "signature" should be
> considered to be delimited by a line, containing -exactly- two
> dashes).
>
> 2) PGP is not designed with the Internet standards in mind and does
> not form messages with proper headers, but instead uses some
> delimiters inside the message body.

Uhh, a couple of things.

1) software shouldn't modify a message, whether it contains a
signature or not (nor whether the signature is plain-text or a
crypto-sig).

2) PGP may not have been designed with the Internet in mind, but PEM
was, and the PEM headers are extremely similar to PGP headers... PEM,
as defined by the new 1113 et al. RFCs, defines the headers to be:
-----{BEGIN,END} PRIVACY ENHANCED MESSAGE-----

Anyways, if PGP mail is failing because of brain-damaged software,
then I don't see how PEM is supposed to work, either!  Vesselin, my
suggestion to you is to CONTINUE putting your signatures on your
messages.  If I had a better emacs interface (I read mail and news
within emacs) to PGP, I would clear-sign my messages, too.

Please, don't let poorly written gateways detract from the usefulness
of cryptographic authenticity!

-derek

PGP 2 key available upon request, or via AFS:
	/afs/athena.mit.edu/user/w/a/warlord/pgp-pubkey.asc

--
  Derek Atkins, MIT '93, Electrical Engineering and Computer Science
      Chairman, MIT Student Information Processing Board (SIPB)
           MIT Media Laboratory, Speech Research Group
           warlord@MIT.EDU       PP-ASEL        N1NWH
Re: Posting signed messages
#3858
Author: an8729@anon.pene
Date: Fri, 05 Feb 1993 03:41
29 lines
1546 bytes
bontchev@fbihh.informatik.uni-hamburg.de (Vesselin Bontchev) writes:

>2) PGP is not designed with the Internet standards in mind and does
>not form messages with proper headers, but instead uses some
>delimiters inside the message body.

I've seen this misconception in several places.  Actually, the PGP
cleartext signatures have many similarities to the specification in the
Internet standard RFC 1113, which describes Privacy Enhanced Mail
(PEM).  PEM messages start with -----BEGIN PEM MESSAGE----- according
to that RFC.  They will presumably be just as vulnerable to the
problems that Vesselin mentions.  The use of five dashes to start a
line comes directly from this RFC.

The Ascii encoding used in PGP non-cleartext messages also comes from this
RFC.  So does the behavior of quoting all lines which start with "-" by
adding a preceding "- " to them, another behavior which people have called
objectionable.

PGP obviously does not try to be compliant with the PEM RFC's; even
RIPEM doesn't try that.  But it has apparently adopted some of the
ideas expressed there.  People who are unhappy about these provisions
are objecting several years too late.

Hank
-------------------------------------------------------------------------
To find out more about the anon service, send mail to help@anon.penet.fi.
Due to the double-blind system, any replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin@anon.penet.fi.
Re: Posting signed messages
#3859
Author: perry@jpunix.com
Date: Fri, 05 Feb 1993 12:14
29 lines
916 bytes
-----BEGIN PGP SIGNED MESSAGE-----

In article <WARLORD.93Feb4170855@toxicwaste.mit.edu> warlord@MIT.EDU (Derek Atkins) writes:
>Please, don't let poorly written gateways detract from the usefulness
>of cryptographic authenticity!
>
>-derek
>
>PGP 2 key available upon request, or via AFS:
>	/afs/athena.mit.edu/user/w/a/warlord/pgp-pubkey.asc


Here! Here! I agree 100%! Maybe if enough people clearsign their
messages, the authors of the supposed braindead mailer packages would
get the hint.

-----BEGIN PGP SIGNATURE-----
Version: 2.1

iQCVAgUBK3JaDVoWmV4X/7GZAQGiOAP8Dw4Yf7wNoeh4z62PQ6zUEFqi25TlXk3w
lrOzO4xGRHjTS8SVucNYH1r8YUyYjbI+OoNEjLW8ca/1D36dSUEETUEnVANwHKqM
rgYFVsSu8EC9NtjCpTVV57drwT/WgTao+OG4m7XZ7OHkCt9wtiKvFS/Ijdyh9luj
8lO3uHgdhNE=HTGD
-----END PGP SIGNATURE-----
--
 John A. Perry  -  perry@jpunix.com
                   jpunix!perry

 PGP 2.1 signature available by fingering perry@phil.utmb.edu
Re: Posting signed messages
#3860
Author: mathew@mantis.co
Date: Fri, 05 Feb 1993 12:30
20 lines
705 bytes
bontchev@fbihh.informatik.uni-hamburg.de writes:
> I understand that all this is not my fault, but is due to the fact
> that:
>
> 1) Some software is badly designed (e.g., a "signature" should be
> considered to be delimited by a line, containing -exactly- two
> dashes).

-- Not even that.  It should be exactly two dashes followed by exactly one
space and a newline.

-- As for Fidonet, if they don't escape the appropriate lines a la RFC 934,
they deserve everything they get.

> Nevertheless, in order to avoid further confusion, and until a way to
> use shorter signatures is designed, I will stop clearsigning my posts.

-- No!  Carry on.  Force the idiots to fix their broken software.


-- mathew
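
The two signature-delimiter rules and the dash quoting discussed in this thread, side by side, as an added Python example that is not part of any post. The sample article, the poster address and the armor placeholder are constructed, and the function names are hypothetical.

```python
def dash_escape(text):
    """Prefix '- ' to every line that starts with '-' (the quoting Hank describes)."""
    return "\n".join("- " + l if l.startswith("-") else l for l in text.split("\n"))

def dash_unescape(text):
    """Reverse dash_escape: drop one leading '- ' from each escaped line."""
    return "\n".join(l[2:] if l.startswith("- ") else l for l in text.split("\n"))

def split_sig_loose(article):
    """Rule of the rejecting sites in the first post: the signature is
    everything below the first line that begins with two dashes."""
    lines = article.split("\n")
    for i, l in enumerate(lines):
        if l.startswith("--"):
            return lines[:i], lines[i + 1:]
    return lines, []

def split_sig_strict(article):
    """mathew's rule: the delimiter is exactly two dashes and one space.
    Assumption of this example: the last such line wins."""
    lines = article.split("\n")
    for i in range(len(lines) - 1, -1, -1):
        if lines[i] == "-- ":
            return lines[:i], lines[i + 1:]
    return lines, []

# Constructed sample text; it quotes a dashed line and someone's "-- " delimiter.
TEXT = "Hello, everybody!\n-----a body line starting with dashes\n-- \nquoted signature"
ARTICLE = "\n".join([
    "-----BEGIN PGP SIGNED MESSAGE-----",
    "",
    dash_escape(TEXT),                 # signed text, dash-quoted
    "",
    "-----BEGIN PGP SIGNATURE-----",
    "(placeholder, not a real signature)",
    "-----END PGP SIGNATURE-----",
    "-- ",
    "Constructed Poster <poster@example.invalid>",
])

def sig_lengths(article):
    """Return (loose, strict) signature lengths in lines."""
    return len(split_sig_loose(article)[1]), len(split_sig_strict(article)[1])

if __name__ == "__main__":
    # The loose rule counts the whole clearsigned article as "signature".
    print(sig_lengths(ARTICLE))
```

Under the loose rule the very first armor line is taken as the delimiter, so a site with a signature-length limit sees the entire article as an over-long signature; the strict rule finds only the one-line trailer, and the dash quoting keeps body lines from being mistaken for either delimiter.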
Re: Posting signed messages
#3861
Author: an8729@anon.pene
Date: Fri, 05 Feb 1993 18:41
30 lines
1544 bytes
Marc VanHeyningen <mvanheyn@cs.indiana.edu> writes:
> In yet another of those stupid anonymous posts from the anonymous
>  posting service in Finland which the guy who wrote the software it is
>  running has requested be shut down or restricted, somebody or other said:
>
> >PGP obviously does not try to be compliant with the PEM RFC's; even
> >RIPEM doesn't try that.  But it has apparently adopted some of the
>
> Sure it does.  It doesn't yet include a few things, like certificates
> (but then again, almost nobody has certificates yet anyway.)  Their
> addition is planned.

I'm sorry that I continue to seem stupid to you.  Please correct me if I
am wrong, but it does not seem to me that RIPEM is compliant with the PEM
RFC's.  It does not support some of the PEM fields, and it has made up
some of its own and added them: Recipient-Name, Originator-Name, and
Originator-Key-Asymmetric.

Because of these changes, RIPEM messages cannot be read or created by
PEM software, and PEM messages cannot be read or created by RIPEM
software, as I understand it.

In the RIPEM manual, it says "RIPEM is not really compatible with PEM"
due to these differences.

Hank
-------------------------------------------------------------------------
To find out more about the anon service, send mail to help@anon.penet.fi.
Due to the double-blind system, any replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin@anon.penet.fi.
Re: Posting signed messages
#3862
Author: g@pizzabox.demon
Date: Fri, 05 Feb 1993 21:15
7 lines
385 bytes
In article <10000.728920991@moose.cs.indiana.edu> Marc VanHeyningen <mvanheyn@cs.indiana.edu> writes:
:In yet another of those stupid anonymous posts from the anonymous
: posting service in Finland which the guy who wrote the software it is
: running has requested be shut down or restricted, somebody or other said:

Really?  Where is this being discussed? - I'd like to hear more.

G