[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Lack of PGP signatures
At 02:38 PM 7/5/96 -0400, "Mark M." <[email protected]> wrote:
>OK, now the point of this message: somebody pointed out that if a binary was
>clear-signed using an option that would strip it down to 7 bits, the binary
>would be corrupted and therefore, such an option on PGP would be a Bad Thing.
>Then, I pointed out that not only would there be no point in a clear signature,
>since that would make the binary useless to someone without PGP anyway. It
>is best to sign a binary and extract the certificate to a separate file, which
>you noted above. So an option that would strip data down to 7 bits would not
>affect the ability to sign a binary. Such an option would probably be a Good
>Thing.
Not everybody limits their language to the 96 characters supported by ASCII;
many people use languages that have umlauts and cedillas and accent marks
and haceks
and other inkblots above/under/around their letters, or symbols like
section markers and Yen and British Pound currency symbols. A signature form
that trashes files down to 7 bits would not only annoy these people,
but also their readers :-)
One readily obvious alternative - hashing only the lower 7 bits of each letter,
but not damaging the letter itself - is probably worse, because the message
can be altered by changing high bits without changing the signature,
while the shred-them-all method at least leaves you sure what you're signing.
But they're both pretty bad....
# Thanks; Bill
# Bill Stewart +1-415-442-2215 [email protected]
# http://www.idiom.com/~wcs
# Re-delegate Authority!