Some contracts/messages (if not all) contain non-ascii characters to present a type of formatting such as "\n" and other hidden characters of that nature. The sign message window should detect base64 input and if it looks like a base64 string it should pop-up a text box displaying the decoded message.
With out base64 incorporation, any document containing hidden characters that are presented through a stream will not match the receipts signature with the senders signature. I think the decoded message should be displayed as well since users deserve to know what they are signing with out having to trust third-party applications to decode the base64 for them.
Sign a hash, not the data— otherwise what happens wen you want to sign something containing 10 mbytes of images? :) Opaquely packing data in the signature has problems with the data not matching what you think it will match, even if it decodes it— who's going to notice a " not " slipped into the middle of a two page contract, when it only shows up on the received signature?
Good point & solution. I can't really think of a reason not to sign the hash.
Okay what about this issue, How do we promote users "Not to sign anything vague" when we are promoting them to sign digests. Which to any users is just a string of random letters and numbers; It doesn’t mean a thing to a non-technical person. I realise that sha256 doesn’t have any (known or mathematically computed) collisions but to a non-technical person that doesn’t mean anything, so with this social engineering flaw in mind we can assume any joe-shmoe can invent his own "predictable digest" or even just provide a base64 encoding of the message the non-technical user wouldn't know a thing of the difference and could agree to things they are unaware of. I don't know where we need to go to further this discussion the possibilities of this issue, shall I open it up in the forums?
I opened the discussion here(https://bitcointalk.org/index.php?topic=134479.0)
As git comments here will be used for posting updates/changes that are agreed upon (Seems to be the protocol for discussion around here any ways)
I don't see any reason to keep this open at this time.
Looks like the issue on my end was that the website wasn't encoded in UTF-8 and thus the characters the user was copying wouldn't verify. My intention wasn’t to waste anyone’s time I thought this was a real issue. Cheers mates