Re: [openpgp] A way to securely define cleartext signature charset
Werner Koch <wk@gnupg.org> Tue, 11 September 2018 10:04 UTC
From: Werner Koch <wk@gnupg.org>
To: Andre Heinecke <aheinecke@intevation.de>
Cc: openpgp@ietf.org
References: <1803390.QxyNr08ExB@esus> <e7480382-f480-05f2-e525-4f4e36f96433@ruhr-uni-bochum.de> <11022095.V4M2a8AgS6@esus>
Organisation: GnuPG e.V.
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
Mail-Followup-To: Andre Heinecke <aheinecke@intevation.de>, openpgp@ietf.org
Date: Tue, 11 Sep 2018 11:53:54 +0200
In-Reply-To: <11022095.V4M2a8AgS6@esus> (Andre Heinecke's message of "Sat, 08 Sep 2018 20:27:29 +0200")
Message-ID: <87r2i0xsul.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=smuggle_ASPIC_Blowfish_FSF_COSCO_Firewalls_argus_Taiwan_Ft._Bragg=es"; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/dmL0d6aarDM2pgbiL4jsHgF3QUc>
Subject: Re: [openpgp] A way to securely define cleartext signature charset
On Sat, 8 Sep 2018 20:27, aheinecke@intevation.de said:

> Mostly because in an Application you can already use the information from the
> header before you do any OpenPGP parsing / signature verification.

Verification tools already need to consider an unsigned armor header to figure out the digest algorithm to use. However, this is sometimes not enough because some tools used to have peculiar interpretations of white space and line endings, or the "Hash" header line was missing. Thus, for one-pass processing, running a second hash context was (or well, is) useful.

Adding a "Charset" header and automatically trying to convert would lead to an even more complex verification step. I don't think that is justified. Better have a way to sign the character set info and present this to the user in the Good and in the Bad verification case. On a bad verification the user can then choose to convert and try a verification again. That would not be one-pass processing anymore, but for the ugly cleartext signatures this seems to be acceptable.

I would thus suggest this new standard notation:

##### The 'charset' Notation

The "charset" notation is a description of the character set used to encode the signed plaintext. The default value is "UTF-8". If used, the value MUST be encoded as human readable and MUST be present in the hashed subpacket section of the signature.

This notation is useful for cleartext signatures in cases where it is not possible to encode the text in UTF-8. By having the used character set a part of the signed data, attacks exploiting different representations of code points will be mitigated.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are governed by a federal law.
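The following is an added example, not code from Werner Koch's mail or from GnuPG. It shows how a verifier would carry the proposed "charset" notation as a Notation Data signature subpacket (type 20, laid out as in RFC 4880 section 5.2.3.16: four flag octets, two-octet name and value lengths, then name and value) and how the two MUSTs from the proposal translate into checks: the human-readable flag must be set, and only a notation found in the hashed subpacket area counts, so a "charset" placed in the unhashed area is ignored and the default "UTF-8" applies. The sample text and the subpacket areas are constructed inline; the helper names are this example's own.

```python
"""
Added example: encode/parse an OpenPGP Notation Data subpacket carrying the
proposed "charset" notation and decide which charset a verifier may present.
Layout follows RFC 4880 5.2.3.1 (subpacket lengths) and 5.2.3.16 (notation
data). Function names are this example's own, not GnuPG API.
"""
import struct
from typing import Iterator, Tuple

SUBPKT_NOTATION = 20
FLAG_HUMAN_READABLE = 0x80  # set in the first of the four flag octets
DEFAULT_CHARSET = "UTF-8"   # default value named in the proposal


def encode_subpkt_len(n: int) -> bytes:
    """RFC 4880 5.2.3.1: 1-, 2- or 5-octet subpacket length."""
    if n < 192:
        return bytes([n])
    if n < 8384:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)


def decode_subpkt_len(buf: bytes, pos: int) -> Tuple[int, int]:
    """Return (length, position after the length field)."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 255:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5


def notation_subpacket(name: str, value: str, critical: bool = False) -> bytes:
    """Build a complete type-20 subpacket (length, type octet, body)."""
    n, v = name.encode("utf-8"), value.encode("utf-8")
    body = (bytes([FLAG_HUMAN_READABLE, 0, 0, 0])
            + struct.pack(">HH", len(n), len(v)) + n + v)
    type_octet = SUBPKT_NOTATION | (0x80 if critical else 0)
    return encode_subpkt_len(len(body) + 1) + bytes([type_octet]) + body


def iter_subpackets(area: bytes) -> Iterator[Tuple[int, bool, bytes]]:
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    pos = 0
    while pos < len(area):
        length, pos = decode_subpkt_len(area, pos)
        if length == 0 or pos + length > len(area):
            raise ValueError("malformed subpacket area")
        type_octet = area[pos]
        yield type_octet & 0x7F, bool(type_octet & 0x80), area[pos + 1:pos + length]
        pos += length


def parse_notation(body: bytes) -> Tuple[bool, bytes, bytes]:
    """Split a notation body into (human_readable, name, value)."""
    if len(body) < 8:
        raise ValueError("notation body too short")
    name_len, value_len = struct.unpack(">HH", body[4:8])
    if len(body) != 8 + name_len + value_len:
        raise ValueError("notation length mismatch")
    name = body[8:8 + name_len]
    value = body[8 + name_len:]
    return bool(body[0] & FLAG_HUMAN_READABLE), name, value


def signed_charset(hashed_area: bytes, unhashed_area: bytes = b"") -> str:
    """Charset a verifier may present to the user.

    Only the hashed area is consulted: a 'charset' notation in the unhashed
    area is not covered by the signature and is deliberately ignored.
    """
    del unhashed_area  # never trusted for this decision
    for stype, _critical, body in iter_subpackets(hashed_area):
        if stype != SUBPKT_NOTATION:
            continue
        human, name, value = parse_notation(body)
        if name == b"charset":
            if not human:
                raise ValueError("charset notation MUST be human-readable")
            return value.decode("ascii")
    return DEFAULT_CHARSET


def decode_signed_text(text: bytes, hashed_area: bytes) -> str:
    """Decode cleartext using the signed charset (default UTF-8)."""
    return text.decode(signed_charset(hashed_area))


if __name__ == "__main__":
    # Constructed sample: Latin-1 text that is not valid UTF-8.
    latin1_text = b"Gr\xfc\xdfe"
    hashed = notation_subpacket("charset", "ISO-8859-1")
    print(signed_charset(hashed))                         # ISO-8859-1
    print(decode_signed_text(latin1_text, hashed))        # Grüße
    print(signed_charset(b"", unhashed_area=hashed))      # UTF-8 (ignored)
```

Note that `signed_charset` only tells the verifier what to present; as the mail argues, converting the text is left to the user after a Bad signature, not done automatically during the one-pass verification.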