Re: PGP Message Signatures on FAQs

Zefram (A.Main@dcs.warwick.ac.uk)
Thu, 12 Jan 1995 17:15:37 +0000 (GMT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Ken Arromdee: "Re: Alternative Walnut Creek letter"
Previous message: Ian Jackson: "Alternative Walnut Creek letter"
Maybe in reply to: James D. Murray: "PGP Message Signatures on FAQs"
Next in thread: Dave Schweisguth: "Re: PGP Message Signatures on FAQs"
Next in thread: Zefram: "Re: PGP Message Signatures on FAQs"
Reply: Dave Schweisguth: "Re: PGP Message Signatures on FAQs"

-----BEGIN PGP SIGNED MESSAGE-----

Ian Jackson <iwj10@cus.cam.ac.uk> writes:
>James D. Murray writes ("PGP Message Signatures on FAQs"):
>> I was not pleased to see that each 30 column long line of hyphens separating
>> each entry (as speced by RFC 1153) had a space added at the second column,
>> as in before:
>> ------------------------------
>> and after:
>> - -----------------------------
>> I realize why this is done, but I would like to know if 1) there is a way to
>> keep PGP from modifying a text file in this way and, 2) will this modification
>> screw up any readers/converters that require RFC 1153 format?
>
>No, there isn't a way to keep PGP from doing this. You could manually
>edit out the added `- ' characters yourself (with a sed script
>perhaps), but then PGP wouldn't be able to check the signature on the
>result any more. I suppose you could tell people to add them back,
>but that's very nasty.
>
>Well, only a few months ago a forged copy of my Linux FAQ was
>accidentally posted. That's when I started signing it.

I personally don't PGP sign my FAQ. I do, however, sign the legal notice,
for obvious reasons.

There is an alternative to PGP signing the entire FAQ, while still
detecting forgery. It would be possible to do what PGP does, but
manually. After the FAQ, put a PGP-signed message stating a checksum of
the FAQ. It takes a little effort to confirm, of course, but it is
certainly workable.

Another possibility is to avoid using lines that PGP will escape. It
won't then be possible to adhere to RFC 1153, but that isn't really
suited to FAQs anyway.

Yet another possibility is to simply PGP sign the FAQ and include a note
to the effect that PGP will have to be used to extract the original form
before the reader can be used. This suffers from the disadvantage that
anyone without PGP will have to use sed (or similar) to reconstruct the
original form.

No doubt this issue will continue to be a problem until there is a
standard header for specifying a regexp matching section dividers.

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQBVAgUBLxVjkLUPMZ11+Ju9AQFVfwH9HxT3an62P8slnYa3BMrDsFTaQp4z6Ipr
u9jV/2B7gC51YHh+JolSNy1/OeNa19000nKhXEeqbNEXlA71pMJQBA==
=uXtK
-----END PGP SIGNATURE-----

--
Andrew Main <zefram@dcs.warwick.ac.uk>

Next message: Ken Arromdee: "Re: Alternative Walnut Creek letter"
Previous message: Ian Jackson: "Alternative Walnut Creek letter"
Maybe in reply to: James D. Murray: "PGP Message Signatures on FAQs"
Next in thread: Dave Schweisguth: "Re: PGP Message Signatures on FAQs"
Next in thread: Zefram: "Re: PGP Message Signatures on FAQs"
Reply: Dave Schweisguth: "Re: PGP Message Signatures on FAQs"

[ Usenet Hypertext FAQ Archive | Search Mail Archive | Authors | Usenet ]
[ 1993 | 1994 | 1995 | 1996 | 1997 ]