Re: [openpgp] Character encodings

Christoph Anton Mitterer <calestyo@scientia.net> Wed, 18 March 2015 22:32 UTC

On Tue, 2015-03-17 at 12:44 -0700, Jon Callas wrote: 
> Just get rid of the notion of text. Make it be all binary.
Agreed 100%. OpenPGP should never do any conversions (e.g. for
signature verifications), hinting or anything else with respect to "text
encoding".

The best thing that can happen is that nothing gets worse (because even if
the OpenPGP implementation would do everything right, the MUA or any
other application on top/below may still mangle up data).

The worst thing that can happen is that one could trick
users/implementations into taking things as signed in a form in which they
were not intended to be signed, e.g. I deliberately only wanted to have
the file with \n EOLs to be signed, but not any \n\r. In such a case,
however, if a "text mode" is identified, the peer's application would
also trust that.
With character encodings things are probably even worse.

All should be binary.


Cheers,
Chris.
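
The line-ending concern in the message above, as an added example that is not part of the original post or of any OpenPGP implementation. It assumes the RFC 4880 text-signature rule (line endings are converted to CRLF before hashing) and uses a plain SHA-256 over the document as a stand-in for the full signature computation; all function names and sample bytes are constructed for illustration.

```python
import hashlib
import re


def canonical_text(data: bytes) -> bytes:
    """Text-mode canonicalisation: LF and CRLF line endings both become CRLF.
    (Assumption: lone CR bytes are left alone; implementations differ here.)"""
    return re.sub(rb"\r?\n", b"\r\n", data)


def signed_digest(data: bytes, text_mode: bool) -> str:
    """Digest of the bytes a signature would actually cover.
    Simplification: a real signature also hashes a signature trailer."""
    material = canonical_text(data) if text_mode else data
    return hashlib.sha256(material).hexdigest()


def covered_by_same_signature(a: bytes, b: bytes, text_mode: bool) -> bool:
    """True if a signature made over `a` would also verify over `b`."""
    return signed_digest(a, text_mode) == signed_digest(b, text_mode)


def verify_report(signed: bytes, received: bytes) -> dict:
    """Compare what each mode accepts for the same pair of byte strings."""
    return {
        "bytes_identical": signed == received,
        "text_mode_verifies": covered_by_same_signature(signed, received, True),
        "binary_mode_verifies": covered_by_same_signature(signed, received, False),
    }


# Constructed sample: the file as the signer wrote it (LF endings) and a
# variant whose line endings were rewritten somewhere in transit (CRLF).
SIGNED_AS_WRITTEN = b"mode=strict\nallow=none\n"
RECEIVED_VARIANT = b"mode=strict\r\nallow=none\r\n"

if __name__ == "__main__":
    for key, value in verify_report(SIGNED_AS_WRITTEN, RECEIVED_VARIANT).items():
        print(f"{key}: {value}")
```

In text mode the verifier accepts bytes the signer never produced; in binary mode the same change makes verification fail.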