Re: [openpgp] text signatures

Daniel Huigens <d.huigens@protonmail.com> Mon, 28 November 2022 19:39 UTC

To: "Neal H. Walfield" <neal@walfield.org>
From: Daniel Huigens <d.huigens@protonmail.com>
Cc: IETF OpenPGP WG <openpgp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/OXvXdhjt3WVNsdHsegKFWRw78pE>

Hi Neal,

Yeah, I tend to agree. I also brought this up in the MR where this
change was proposed [1], and we subsequently discussed it in the DT,
where I suggested changing the proposed text from "is encoded" to
"MUST be encoded" in order to signal that this is a new instruction
that only applies to new signatures, and that those indeed MUST be
UTF-8 encoded (which reflects the new guidance for literal data packets
in [2] to the same effect). My intention with that (not speaking for
dkg or the rest of the DT, though) was that for existing signatures,
it shouldn't apply, but actually the quoted section is general to both
signing and verification, so probably that intention isn't captured
by the final text, and it should be changed again.

Since the literal data packet already says that text data MUST be UTF-8,
maybe this guidance is redundant, in that case, and can just be removed?
We might still need some guidance for detached signatures; e.g. we could
state in section 11.4 that detached text signatures MUST be over UTF-8
encoded text (and similarly for clearsigned messages as well?)

Or, from the other direction, we could say that when creating signatures
the implementation may only set the signature type to text if it's
confident that it's signing UTF-8 encoded text?

Best,
Daniel


[1]: https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/111
[2]: https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-07#section-5.9
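
The following is an added example, not part of the message above and not taken from the draft or from any OpenPGP implementation. It sketches the asymmetry the message discusses: a signer sets the text signature type (0x01) only when the data is strictly valid UTF-8, while a verifier applies no encoding check so that existing text signatures still verify. All function names are hypothetical, and leaving a bare CR untouched is an assumption.

```python
import re
from typing import Tuple

# Signature type IDs defined by OpenPGP.
SIG_BINARY = 0x00  # signature of a binary document
SIG_TEXT = 0x01    # signature of a canonical text document


def is_strict_utf8(data: bytes) -> bool:
    """True only for well-formed UTF-8 (no overlong forms, no surrogates)."""
    try:
        data.decode("utf-8", errors="strict")
        return True
    except UnicodeDecodeError:
        return False


def canonicalize_line_endings(data: bytes) -> bytes:
    """Convert LF and CRLF to CRLF. A bare CR is left alone (assumption)."""
    return re.sub(rb"\r?\n", b"\r\n", data)


def signing_input(data: bytes, want_text: bool) -> Tuple[int, bytes]:
    """Signer side: pick the signature type and the bytes to hash.

    The text type is used only when the caller asked for it AND the data
    is strict UTF-8; otherwise fall back to a binary signature.
    """
    if want_text and is_strict_utf8(data):
        return SIG_TEXT, canonicalize_line_endings(data)
    return SIG_BINARY, data


def verification_input(sig_type: int, data: bytes) -> bytes:
    """Verifier side: no encoding check, so text signatures made over
    non-UTF-8 data before the new rule can still be checked."""
    if sig_type == SIG_TEXT:
        return canonicalize_line_endings(data)
    return data


# Constructed sample inputs: the same text in UTF-8 and in Latin-1.
UTF8_SAMPLE = "h\u00e9llo\nworld\r\n".encode("utf-8")
LATIN1_SAMPLE = "h\u00e9llo\n".encode("latin-1")

if __name__ == "__main__":
    for sample in (UTF8_SAMPLE, LATIN1_SAMPLE):
        sig_type, hashed = signing_input(sample, want_text=True)
        print(hex(sig_type), hashed)
```
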