I would like to argue for a weaker ascii text signature function in PGP in addition to the current one. It would canonicalize a file by turning all sequences of white space into a single space and trimming leading and trailing whitespace from the file before computing the hash. This clearly involves some major changes to the file, allowing many files to hash to the same value, but a human would presumably consider all of those files to have the same information content. The only case that I can think of where the information content of the message could be changed with the signature remaining valid is if information was contained in the pattern of whitespace in the file. This should make the signature robust to most of the changes that a mailer could make. I would not advocate extending this to any non-whitespace characters. -- eric messick eric@toad.com
participants (1)
-
Eric Messick