Re: [openpgp] A way to securely define cleartext signature charset
Andre Heinecke <aheinecke@intevation.de> Tue, 11 September 2018 10:14 UTC
Return-Path: <aheinecke@intevation.de>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DFC18130DE0 for <openpgp@ietfa.amsl.com>; Tue, 11 Sep 2018 03:14:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iZjUcZsm-0SN for <openpgp@ietfa.amsl.com>; Tue, 11 Sep 2018 03:14:47 -0700 (PDT)
Received: from kolab.intevation.de (kolab.intevation.de [212.95.107.133]) by ietfa.amsl.com (Postfix) with ESMTP id 1C993127332 for <openpgp@ietf.org>; Tue, 11 Sep 2018 03:14:47 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by kolab.intevation.de (Postfix) with ESMTP id 4F4F6622A4 for <openpgp@ietf.org>; Tue, 11 Sep 2018 12:14:46 +0200 (CEST)
X-Virus-Scanned: by amavisd-new at intevation.de
Received: from kolab.intevation.de ([127.0.0.1]) by localhost (kolab.intevation.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D7gU5hPmnE06 for <openpgp@ietf.org>; Tue, 11 Sep 2018 12:14:44 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1]) by kolab.intevation.de (Postfix) with ESMTP id 2D8AD6256F for <openpgp@ietf.org>; Tue, 11 Sep 2018 12:14:44 +0200 (CEST)
Received: from esus.localnet (81-5-224-141.hdsl.highway.telekom.at [81.5.224.141]) (Authenticated sender: andre.heinecke@intevation.de) by kolab.intevation.de (Postfix) with ESMTPSA id 021EB622A4; Tue, 11 Sep 2018 12:14:44 +0200 (CEST)
From: Andre Heinecke <aheinecke@intevation.de>
To: Werner Koch <wk@gnupg.org>
Cc: openpgp@ietf.org
Date: Tue, 11 Sep 2018 12:14:43 +0200
Message-ID: <2069480.MVc5JfVDOz@esus>
User-Agent: KMail/5.2.3 (Linux/4.9.0-8-amd64; KDE/5.28.0; x86_64; ; )
In-Reply-To: <87r2i0xsul.fsf@wheatstone.g10code.de>
References: <1803390.QxyNr08ExB@esus> <11022095.V4M2a8AgS6@esus> <87r2i0xsul.fsf@wheatstone.g10code.de>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart1736439.6m2XM5yh0A"; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/fu9fO_QA__DLvUhqAHqsAoZg8tY>
Subject: Re: [openpgp] A way to securely define cleartext signature charset
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Sep 2018 10:14:49 -0000
On Tuesday, September 11, 2018 11:53:54 AM CEST Werner Koch wrote: > Verification tools already need to consider an unsigned armor header to > figure out the digest algorithm to use. However, this is sometimes not > enough because some tools used to have peculiar interpretation of white > space and line endings or the "Hash" header line was missing. Thus, for > one-pass processing running a second hash context was (or well, is) > useful. Adding a "Charset" header and automatically try to convert > would lead to an even more complex verification step. I don't think > that is justified. Thinking more from the "backend" standpoint and less from the Application using the backend this makes sense to me. A minor issue is that my Application might temporarily show the wrong representation before the verification is done but I guess that is indeed minor. > Better have a way to sign the character set info and present this to the > user in the Good and in the Bad verification case. On a bad > verification the user can then choose to convert and try a verification > again. That would not be a one-pass processing anymore but for the ugly > cleartext signatures this seems to be acceptable. Yes, as for me the "User" would be my Application and not the person sitting in front of the Computer I think that is acceptable as it can be handled automatically. > I would thus suggest this new standard notation: > > ##### The 'charset' Notation > > The "charset" notation is a description of the character set used to > encode the signed plaintext. The default value is "UTF-8". If used, > the value MUST be encoded as human readable and MUST be present in the > hashed subpacket section of the signature. This notation is useful > for cleartext signatures in cases where it is not possible to encode > the text in UTF-8. By having the used character set a part of the > signed data, attacks exploiting different representation of code > points will be mitigated. I like it. "The default value is "UTF-8"" -> Do I understand this correctly that this basically means: If no charset notation is provided a cleartext signature MUST be in UTF-8? That would be great. Thanks and best regards, Andre -- Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
- [openpgp] A way to securely define cleartext sign… Andre Heinecke
- Re: [openpgp] A way to securely define cleartext … Peter Pentchev
- Re: [openpgp] A way to securely define cleartext … Marcus Brinkmann
- Re: [openpgp] A way to securely define cleartext … Andre Heinecke
- Re: [openpgp] A way to securely define cleartext … Andre Heinecke
- Re: [openpgp] A way to securely define cleartext … Neil Hunsperger
- Re: [openpgp] A way to securely define cleartext … Jon Callas
- Re: [openpgp] A way to securely define cleartext … Andre Heinecke
- Re: [openpgp] A way to securely define cleartext … Werner Koch
- Re: [openpgp] A way to securely define cleartext … Andre Heinecke
- Re: [openpgp] A way to securely define cleartext … Vincent Breitmoser
- Re: [openpgp] A way to securely define cleartext … Andre Heinecke
- Re: [openpgp] A way to securely define cleartext … Werner Koch
- Re: [openpgp] A way to securely define cleartext … Jon Callas
- Re: [openpgp] A way to securely define cleartext … Jon Callas