Cleartext signatures considered harmful
gnupg.orgThe argument here seems to be that when GnuPG's implementation, or the original standard, has flaws, those flaws should be seen as inherent limitations of the use-case, rather than flaws in the implementation and standard. And with GnuPG, that argument seems to be used to justify having it behave the same way it always has, which leads to dangerous situations.
That PGP handles armor, escaping, and comments badly, and clients handle display of the signed text badly, do not seem like they mean that the concept of cleartext signatures are inherently flawed.
Fair point. Calling the concept inherently flawed is doing a lot of work to excuse 30 years of implementation bugs.
> Cleartext signatures considered harmful
Really? To me it seems that what’s really harmful is assuming a long string of high entropy hex bytes is a valid signature.
Both detached signatures and cleartext need to be run through verify, so what gives?
Does gpg not error when the post-verification output file doesn’t match the cleartext? That sounds like a bug in gpg
It appears that by default, gpg doesn't output the signed text at all when verifying a cleartext signature. It does not appear to check for or warn about extra content before or after the cleartext text and signature. It strictly interprets the start/end lines, and won't warn or fail for malicious ones. It does not appear to accept comment headers in the signed message, but does accept them in the signature, which means that a user might think an arbitrarily long message in the signature is actually signed.
These all seem like flaws in gpg and the standard.
Obligatory https://xkcd.com/1181/