edit ch7 cleartext transformations subsection

Tammi L. Coles 2023-11-16 11:57:46 +01:00
parent 2f44224974
commit 58340c97a1

@ -129,13 +129,15 @@ These features are particularly beneficial in scenarios where signed messages ar
#### Text transformations for cleartext signatures #### Text transformations for cleartext signatures
In the cleartext signature framework, the message text is normalized by [escaping dashes](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-dash-escaped-text), to prevent parsing problems where message content and armor headers are confused. The cleartext signature framework includes specific text normalization procedures to ensure the integrity and clarity of the message:
Additionally, as usual for [text signatures](data_signature_types), the signature is calculated on the text with normalized line endings (`<CR><LF>`). _ **Escaping dashes**: The framework implements a method of [dash-escaped text](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-dash-escaped-text) within the message. Dash-escaping ensures that the parser correctly distinguishes between the armor headers, which are part of the signature's structure, and any lines in the message that happen to start with a dash.
- **Normalization of line endings**: Consistent with the approach for binary [text signatures](data_signature_types), the cleartext signature is calculated on the text with normalized line endings (`<CR><LF>`). This ensures that the signature remains valid regardless of the text format of the receiving implementation.
#### Pitfalls #### Pitfalls
While widely used, cleartext signatures are sometimes considered a "legacy method"[^csf-gnupg]. The RFC outlines [pitfalls of cleartext signatures](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-issues-with-the-cleartext-s) and advises that inline and detached signature forms are often preferable. While widely used, cleartext signatures are sometimes viewed as a "legacy method"[^csf-gnupg]. The RFC outlines [pitfalls of cleartext signatures](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-issues-with-the-cleartext-s) and advises that inline and detached signature forms are often preferable.
[^csf-gnupg]: https://lists.gnupg.org/pipermail/gnupg-devel/2023-November/035428.html [^csf-gnupg]: https://lists.gnupg.org/pipermail/gnupg-devel/2023-November/035428.html
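Review bot: In the added "Normalization of line endings" bullet, the phrase "binary [text signatures]" reads as a contradiction. The removed line said only "as usual for [text signatures]" and the link target is still `data_signature_types`, so drop "binary" unless a specific signature type is meant and named. In the same bullet, "regardless of the text format of the receiving implementation" is vague; wording such as "regardless of the line-ending convention of the receiving system" would state what the `<CR><LF>` normalization protects against. Finally, the "Escaping dashes" item begins with `_` as shown here while the following item begins with `-`; both should use `-` so the two entries render as one list.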