From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 15 Jul 1996 19:06:21 +0800
To: cypherpunks@toad.com
Subject: Re: Lack of PGP signatures
Message-ID: <199607150749.AAA07573@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:38 PM 7/5/96 -0400, "Mark M." <markm@voicenet.com> wrote:
>OK, now the point of this message: somebody pointed out that if a binary was
>clear-signed using an option that would strip it down to 7 bits, the binary
>would be corrupted and therefore, such an option on PGP would be a Bad Thing.
>Then, I pointed out that not only would there be no point in a clear signature,
>since that would make the binary useless to someone without PGP anyway.  It
>is best to sign a binary and extract the certificate to a separate file, which
>you noted above.  So an option that would strip data down to 7 bits would not
>affect the ability to sign a binary.  Such an option would probably be a Good
>Thing.

Not everybody limits their language to the 96 characters supported by ASCII;
many people use languages that have umlauts and cedillas and accent marks
and haceks
and other inkblots above/under/around their letters, or symbols like
section markers and Yen and British Pound currency symbols.  A signature form
that trashes files down to 7 bits would not only annoy these people,
but also their readers :-)  

One readily obvious alternative - hashing only the lower 7 bits of each letter,
but not damaging the letter itself - is probably worse, because the message
can be altered by changing high bits without changing the signature,
while the shred-them-all method at least leaves you sure what you're signing.

But they're both pretty bad....

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Re-delegate Authority!