Re: Binary vs. ASCII for certificates

Ron Rivest writes:
> (1) I can imagine certificates containing intrinsically non-textual data
>     (most particularly, it might be nice to have an image of the person
>     whose key it is).

True enough. However, I'll point out that the most common formats I
know of for sending around face information these days are as ASCII
encodings -- see, for example, the X-Face: header some people have in
their mail messages, and the old Usenix FaceSaver file format.

> (4) One must be careful to define what bytes are actually "present" in an
>     ASCII encoding, since the contents will be digitally signed.  The 
>     treatment of whitespace, etc., needs to be carefully specified.

Yes, naturally. One would need to be very careful about things like
making sure that a canonicalization was done to a particular line
break format and the like. Of course, PEM MIC-CLEAR and PGP clear
signatures have had to deal with this for some time in the problem of
signing ASCII text and there has been some success in finding good
canonicalizations. We can probably try to learn from the existing
experience on such things.
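
The canonicalization concern discussed above, as an added example that is not part of the original message: the same ASCII certificate text is hashed raw and after canonicalization. The rule used here (CRLF line breaks, trailing spaces and tabs stripped, one final line break) and the sample certificate lines are assumptions made for illustration, not the exact PEM or PGP rule.

```python
import hashlib

def canonicalize(data: bytes) -> bytes:
    """Assumed rule: accept CRLF, lone CR or lone LF as a line break,
    strip trailing spaces/tabs per line, drop trailing blank lines,
    and emit CRLF line breaks with exactly one final CRLF."""
    text = data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")
    lines = [line.rstrip(b" \t") for line in text.split(b"\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"\r\n".join(lines) + b"\r\n"

def digest(data: bytes, canonical: bool = True) -> str:
    """SHA-256 of the bytes that would be signed (hex)."""
    signed_bytes = canonicalize(data) if canonical else data
    return hashlib.sha256(signed_bytes).hexdigest()

# Constructed sample inputs: one logical certificate, three transports.
UNIX = b"subject: alice\nkey: rsa 1024 abcdef\n"
DOS = b"subject: alice\r\nkey: rsa 1024 abcdef\r\n"
PADDED = b"subject: alice  \nkey: rsa 1024 abcdef\t\n\n"
# Constructed inputs whose content really differs.
TAMPERED = b"subject: mallory\nkey: rsa 1024 abcdef\n"
INNER_WS = b"subject:  alice\nkey: rsa 1024 abcdef\n"  # interior whitespace

def compare(samples: dict) -> dict:
    """Map each sample name to (raw digest, canonical digest)."""
    return {name: (digest(d, canonical=False), digest(d))
            for name, d in samples.items()}

if __name__ == "__main__":
    result = compare({"unix": UNIX, "dos": DOS, "padded": PADDED,
                      "tampered": TAMPERED, "inner_ws": INNER_WS})
    for name, (raw, canon) in result.items():
        print(f"{name:9} raw={raw[:16]} canonical={canon[:16]}")
```

Interior whitespace is deliberately left alone by this rule, so `INNER_WS` yields a different digest; whether such a difference should invalidate a signature is exactly the kind of decision the specification has to make explicit.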