Re: [openpgp] A way to securely define cleartext signature charset
Andre Heinecke <aheinecke@intevation.de> Sat, 08 September 2018 18:00 UTC
Return-Path: <aheinecke@intevation.de>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2FA4B130E2B for <openpgp@ietfa.amsl.com>; Sat, 8 Sep 2018 11:00:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.399
X-Spam-Level:
X-Spam-Status: No, score=-1.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, GB_ABOUTYOU=0.5, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sIR3dhhi2aqz for <openpgp@ietfa.amsl.com>; Sat, 8 Sep 2018 11:00:49 -0700 (PDT)
Received: from kolab.intevation.de (kolab.intevation.de [212.95.107.133]) by ietfa.amsl.com (Postfix) with ESMTP id 153C6130E1C for <openpgp@ietf.org>; Sat, 8 Sep 2018 11:00:49 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by kolab.intevation.de (Postfix) with ESMTP id 6A17262286 for <openpgp@ietf.org>; Sat, 8 Sep 2018 20:00:48 +0200 (CEST)
X-Virus-Scanned: by amavisd-new at intevation.de
Received: from kolab.intevation.de ([127.0.0.1]) by localhost (kolab.intevation.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hgb-YQTQ1tiL for <openpgp@ietf.org>; Sat, 8 Sep 2018 20:00:45 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1]) by kolab.intevation.de (Postfix) with ESMTP id C4168622F0 for <openpgp@ietf.org>; Sat, 8 Sep 2018 20:00:45 +0200 (CEST)
Received: from esus.localnet (81-5-224-141.hdsl.highway.telekom.at [81.5.224.141]) (Authenticated sender: andre.heinecke@intevation.de) by kolab.intevation.de (Postfix) with ESMTPSA id 9694F62273; Sat, 8 Sep 2018 20:00:45 +0200 (CEST)
From: Andre Heinecke <aheinecke@intevation.de>
To: openpgp@ietf.org
Cc: Peter Pentchev <roam@ringlet.net>
Date: Sat, 08 Sep 2018 20:00:44 +0200
Message-ID: <2724293.aWr2D75my6@esus>
User-Agent: KMail/5.2.3 (Linux/4.9.0-8-amd64; KDE/5.28.0; x86_64; ; )
In-Reply-To: <20180908111953.GE5330@straylight.m.ringlet.net>
References: <1803390.QxyNr08ExB@esus> <20180908111953.GE5330@straylight.m.ringlet.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart2132294.v3e1ENcnqK"; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/C78f2RbXKpqilA32q6tTJ3olpcE>
Subject: Re: [openpgp] A way to securely define cleartext signature charset
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Sep 2018 18:00:50 -0000
Hi, On Saturday, September 8, 2018 2:19:53 PM CEST Peter Pentchev wrote: > Hmm, is there any way to guard against a false positive identification of > an "old" message that just happens to start with such a line? I can't > think of any off the top of my head... I do not think so. Well you could put additional information in the signature that will identify it as a cleartext signature following rfc4880bis and only then handle the charset header. But I think that would overcomplicate it. I do not think that a false positivie would not hurt much. PGP Inline charset handling is basically guessing so a false positive would just be a false guess. And I think that if someone today signs a message that says Charset: XYZ And then continues with some text in another charset it would be weird anyway. > Don't get me wrong, I *do* see the good things about your proposal. Thanks! Best Regards, Andre -- Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
- [openpgp] A way to securely define cleartext sign… Andre Heinecke
- Re: [openpgp] A way to securely define cleartext … Peter Pentchev
- Re: [openpgp] A way to securely define cleartext … Marcus Brinkmann
- Re: [openpgp] A way to securely define cleartext … Andre Heinecke
- Re: [openpgp] A way to securely define cleartext … Andre Heinecke
- Re: [openpgp] A way to securely define cleartext … Neil Hunsperger
- Re: [openpgp] A way to securely define cleartext … Jon Callas
- Re: [openpgp] A way to securely define cleartext … Andre Heinecke
- Re: [openpgp] A way to securely define cleartext … Werner Koch
- Re: [openpgp] A way to securely define cleartext … Andre Heinecke
- Re: [openpgp] A way to securely define cleartext … Vincent Breitmoser
- Re: [openpgp] A way to securely define cleartext … Andre Heinecke
- Re: [openpgp] A way to securely define cleartext … Werner Koch
- Re: [openpgp] A way to securely define cleartext … Jon Callas
- Re: [openpgp] A way to securely define cleartext … Jon Callas