From 58340c97a1e959e638f6a821ea0b985e177b69a1 Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Thu, 16 Nov 2023 11:57:46 +0100 Subject: [PATCH] edit ch7 cleartext transformations subsection --- book/source/07-signing_data.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/book/source/07-signing_data.md b/book/source/07-signing_data.md index eada683..53fe87f 100644 --- a/book/source/07-signing_data.md +++ b/book/source/07-signing_data.md @@ -129,13 +129,15 @@ These features are particularly beneficial in scenarios where signed messages ar #### Text transformations for cleartext signatures -In the cleartext signature framework, the message text is normalized by [escaping dashes](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-dash-escaped-text), to prevent parsing problems where message content and armor headers are confused. +The cleartext signature framework includes specific text normalization procedures to ensure the integrity and clarity of the message: -Additionally, as usual for [text signatures](data_signature_types), the signature is calculated on the text with normalized line endings (``). +_ **Escaping dashes**: The framework implements a method of [dash-escaped text](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-dash-escaped-text) within the message. Dash-escaping ensures that the parser correctly distinguishes between the armor headers, which are part of the signature's structure, and any lines in the message that happen to start with a dash. + +- **Normalization of line endings**: Consistent with the approach for binary [text signatures](data_signature_types), the cleartext signature is calculated on the text with normalized line endings (``). This ensures that the signature remains valid regardless of the text format of the receiving implementation. #### Pitfalls -While widely used, cleartext signatures are sometimes considered a "legacy method"[^csf-gnupg]. The RFC outlines [pitfalls of cleartext signatures](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-issues-with-the-cleartext-s) and advises that inline and detached signature forms are often preferable. +While widely used, cleartext signatures are sometimes viewed as a "legacy method"[^csf-gnupg]. The RFC outlines [pitfalls of cleartext signatures](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-issues-with-the-cleartext-s) and advises that inline and detached signature forms are often preferable. [^csf-gnupg]: https://lists.gnupg.org/pipermail/gnupg-devel/2023-November/035428.html