Re: [openpgp] A way to securely define cleartext signature charset

Neil Hunsperger <Neil_Hunsperger@symantec.com> Mon, 10 September 2018 18:23 UTC

From: Neil Hunsperger <Neil_Hunsperger@symantec.com>
To: Andre Heinecke <aheinecke@intevation.de>, IETF OpenPGP <openpgp@ietf.org>
Date: Mon, 10 Sep 2018 18:23:35 +0000
Message-ID: <BY2PR16MB0278DB57063BDB6F519B882BE9050@BY2PR16MB0278.namprd16.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/-7iatBMjwbFTTbwuIjvC2LdjsPY>

> today I struggled for several hours with "charset guessing" code that handles
> cleartext signatures in Outlook and I thought that maybe this situation could
> be improved a bit in the future?

I'll add a data point. Some years back, the PGP Desktop product added an unsigned "Charset" header to its ASCII armor. The result looked like this:

-----BEGIN PGP SIGNATURE-----
Version: PGP SDK 4.2.1
Charset: iso-8859-1

It solved a real-world problem of intermediate software re-writing character sets using lossless conversions. It didn't solve the security issue in your link to DKG's post. In practice it also didn't avoid 2-pass signature verification.

Cheers,
-Neil
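As an added example (not code from this message, from PGP Desktop or from the PGP SDK), the Python below parses a cleartext signature carrying such a "Charset" armor header and shows why it still leaves the 2-pass verification in place: the header sits outside the signed data, so a verifier can only use it as an unauthenticated hint to build a second candidate byte string, never to decide acceptance on its own. The sample message, its base64 body and the `=0000` checksum are constructed placeholders, and actual signature checking with a PGP library is left out.

```python
import re

# Constructed sample, not from the original message: the body arrived re-encoded to
# UTF-8 by an intermediary, while the armor still carries the signer's unsigned
# "Charset" header. The base64 body and checksum are placeholders, not a signature.
SAMPLE = (
    b"-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n"
    + "Gr\u00fc\u00dfe aus M\u00fcnchen   \r\n".encode("utf-8")  # trailing blanks
    + b"- - dashed line\r\n"  # dash-escaped form of the line "- dashed line"
    + b"-----BEGIN PGP SIGNATURE-----\r\nVersion: PGP SDK 4.2.1\r\n"
    + b"Charset: iso-8859-1\r\n\r\nUExBQ0VIT0xERVI=\r\n=0000\r\n"
    + b"-----END PGP SIGNATURE-----\r\n"
)

ARMOR_RE = re.compile(
    rb"-----BEGIN PGP SIGNED MESSAGE-----\r?\n"
    rb"(?:Hash: [^\r\n]*\r?\n)*\r?\n"  # Hash header(s), then the blank line
    rb"(?P<text>.*?)\r?\n-----BEGIN PGP SIGNATURE-----\r?\n"
    rb"(?P<headers>(?:[A-Za-z-]+: [^\r\n]*\r?\n)*)\r?\n",
    re.DOTALL,
)

def split_cleartext_signature(raw: bytes) -> tuple[bytes, dict[str, str]]:
    """Return (signed text, armor headers); the headers sit outside the signed data."""
    m = ARMOR_RE.search(raw)
    if m is None:
        raise ValueError("not a cleartext signature")
    header_lines = m.group("headers").decode("ascii").splitlines()
    return m.group("text"), dict(ln.partition(": ")[::2] for ln in header_lines)

def canonicalize(text: bytes) -> bytes:
    """RFC 4880 cleartext rules: undo dash-escaping, strip trailing whitespace,
    join with CRLF. These are the text bytes the signature covers."""
    lines = [ln[2:] if ln.startswith(b"- ") else ln for ln in text.splitlines()]
    return b"\r\n".join(ln.rstrip(b" \t") for ln in lines)

def candidate_signed_bytes(text: bytes, local_charset: str,
                           headers: dict[str, str]) -> list[tuple[str, bytes]]:
    """Pass 1: the text as received. Pass 2: the text re-encoded in the armor's
    Charset. The header is unsigned, so a bad value only adds a failing candidate."""
    canon = canonicalize(text)
    candidates = [("as-received", canon)]
    declared = headers.get("Charset")
    if declared and declared.lower() != local_charset.lower():
        try:
            candidates.append((declared, canon.decode(local_charset).encode(declared)))
        except (UnicodeError, LookupError):
            pass  # unknown or unusable hint: ignore it rather than trust it
    return candidates
```

A verifier would run the real signature check over each candidate in turn and accept only if one of them verifies; the "Charset" value itself never enters that decision.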