IETF Logo Mail Archive

Re: [openpgp] A way to securely define cleartext signature charset

Andre Heinecke <aheinecke@intevation.de> Tue, 11 September 2018 10:14 UTC

Return-Path: <aheinecke@intevation.de>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DFC18130DE0 for <openpgp@ietfa.amsl.com>; Tue, 11 Sep 2018 03:14:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iZjUcZsm-0SN for <openpgp@ietfa.amsl.com>; Tue, 11 Sep 2018 03:14:47 -0700 (PDT)
Received: from kolab.intevation.de (kolab.intevation.de [212.95.107.133]) by ietfa.amsl.com (Postfix) with ESMTP id 1C993127332 for <openpgp@ietf.org>; Tue, 11 Sep 2018 03:14:47 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by kolab.intevation.de (Postfix) with ESMTP id 4F4F6622A4 for <openpgp@ietf.org>; Tue, 11 Sep 2018 12:14:46 +0200 (CEST)
X-Virus-Scanned: by amavisd-new at intevation.de
Received: from kolab.intevation.de ([127.0.0.1]) by localhost (kolab.intevation.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D7gU5hPmnE06 for <openpgp@ietf.org>; Tue, 11 Sep 2018 12:14:44 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1]) by kolab.intevation.de (Postfix) with ESMTP id 2D8AD6256F for <openpgp@ietf.org>; Tue, 11 Sep 2018 12:14:44 +0200 (CEST)
Received: from esus.localnet (81-5-224-141.hdsl.highway.telekom.at [81.5.224.141]) (Authenticated sender: andre.heinecke@intevation.de) by kolab.intevation.de (Postfix) with ESMTPSA id 021EB622A4; Tue, 11 Sep 2018 12:14:44 +0200 (CEST)
From: Andre Heinecke <aheinecke@intevation.de>
To: Werner Koch <wk@gnupg.org>
Cc: openpgp@ietf.org
Date: Tue, 11 Sep 2018 12:14:43 +0200
Message-ID: <2069480.MVc5JfVDOz@esus>
User-Agent: KMail/5.2.3 (Linux/4.9.0-8-amd64; KDE/5.28.0; x86_64; ; )
In-Reply-To: <87r2i0xsul.fsf@wheatstone.g10code.de>
References: <1803390.QxyNr08ExB@esus> <11022095.V4M2a8AgS6@esus> <87r2i0xsul.fsf@wheatstone.g10code.de>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart1736439.6m2XM5yh0A"; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/fu9fO_QA__DLvUhqAHqsAoZg8tY>
Subject: Re: [openpgp] A way to securely define cleartext signature charset
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Sep 2018 10:14:49 -0000

On Tuesday, September 11, 2018 11:53:54 AM CEST Werner Koch wrote:
> Verification tools already need to consider an unsigned armor header to
> figure out the digest algorithm to use.  However, this is sometimes not
> enough because some tools used to have peculiar interpretation of white
> space and line endings or the "Hash" header line was missing.  Thus, for
> one-pass processing running a second hash context was (or well, is)
> useful.  Adding a "Charset" header and automatically try to convert
> would lead to an even more complex verification step.  I don't think
> that is justified.

Thinking more from the "backend" standpoint and less from the Application 
using the backend this makes sense to me. A minor issue is that my Application 
might temporarily show the wrong representation before the verification is done 
but I guess that is indeed minor.

> Better have a way to sign the character set info and present this to the
> user in the Good and in the Bad verification case.  On a bad
> verification the user can then choose to convert and try a verification
> again.  That would not be a one-pass processing anymore but for the ugly
> cleartext signatures this seems to be acceptable.

Yes, as for me the "User" would be my Application and not the person sitting 
in front of the Computer I think that is acceptable as it can be handled 
automatically.

> I would thus suggest this new standard notation:
> 
>   ##### The 'charset' Notation
>   
>   The "charset" notation is a description of the character set used to
>   encode the signed plaintext.  The default value is "UTF-8".  If used,
>   the value MUST be encoded as human readable and MUST be present in the
>   hashed subpacket section of the signature.  This notation is useful
>   for cleartext signatures in cases where it is not possible to encode
>   the text in UTF-8.  By having the used character set a part of the
>   signed data, attacks exploiting different representation of code
>   points will be mitigated.

I like it.

"The default value is "UTF-8"" -> Do I understand this correctly that this 
basically means: If no charset notation is provided a cleartext signature MUST 
be in UTF-8?
That would be great.


Thanks and best regards,
Andre

-- 
Andre Heinecke |  ++49-541-335083-262  | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

v2.23.0 | Report a Bug | By Email