Re: [openpgp] A way to securely define cleartext signature charset
Peter Pentchev <roam@ringlet.net> Sat, 08 September 2018 11:19 UTC
Return-Path: <roam@ringlet.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C42C41286E3 for <openpgp@ietfa.amsl.com>; Sat, 8 Sep 2018 04:19:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.399
X-Spam-Level:
X-Spam-Status: No, score=-1.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, GB_ABOUTYOU=0.5, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sYsOtAiQz6EI for <openpgp@ietfa.amsl.com>; Sat, 8 Sep 2018 04:19:57 -0700 (PDT)
Received: from nimbus.fccf.net (nimbus.fccf.net [77.77.144.35]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B9CE91277D2 for <openpgp@ietf.org>; Sat, 8 Sep 2018 04:19:57 -0700 (PDT)
Received: from straylight.m.ringlet.net (212-39-89-232.ip.btc-net.bg [212.39.89.232]) by nimbus.fccf.net (Postfix) with ESMTPSA id BF7E4331 for <openpgp@ietf.org>; Sat, 8 Sep 2018 14:19:54 +0300 (EEST)
Received: from roam (uid 1000) (envelope-from roam@ringlet.net) id 6208c9 by straylight.m.ringlet.net (DragonFly Mail Agent v0.11); Sat, 08 Sep 2018 14:19:53 +0300
Date: Sat, 08 Sep 2018 14:19:53 +0300
From: Peter Pentchev <roam@ringlet.net>
To: Andre Heinecke <aheinecke@intevation.de>
Cc: IETF OpenPGP <openpgp@ietf.org>
Message-ID: <20180908111953.GE5330@straylight.m.ringlet.net>
References: <1803390.QxyNr08ExB@esus>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="8nsIa27JVQLqB7/C"
Content-Disposition: inline
In-Reply-To: <1803390.QxyNr08ExB@esus>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/jcLiQVRxG1dpnbnTeU3iuKH5ma4>
Subject: Re: [openpgp] A way to securely define cleartext signature charset
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Sep 2018 11:20:00 -0000
On Fri, Sep 07, 2018 at 03:52:43PM +0200, Andre Heinecke wrote: > Hi, > > today I struggled for several hours with "charset guessing" code, that handles > cleartext signatures in outlook and I thought that maybe this situation could > be improved a bit in the future? > > I dislike cleartext signatures as much as the next guy (probably more ;-) ). > The points made in [1] are valid and such messages should not be used. > But realistically I think that they won't go away. > > My idea would be to define that after the Hash: header and the blank line > (which starts the hashing) that there can be: > > Optionally a "Charset" Armor Header followed by one blank line, > both included in the message digest. > > So a message like: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Charset: UTF-8 > > This is än example mässäge. > -----BEGIN PGP SIGNATURE----- Hmm, is there any way to guard against a false positive identification of an "old" message that just happens to start with such a line? I can't think of any off the top of my head... Don't get me wrong, I *do* see the good things about your proposal. Best regards, Peter -- Peter Pentchev roam@{ringlet.net,debian.org,FreeBSD.org} pp@storpool.com PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
- [openpgp] A way to securely define cleartext sign… Andre Heinecke
- Re: [openpgp] A way to securely define cleartext … Peter Pentchev
- Re: [openpgp] A way to securely define cleartext … Marcus Brinkmann
- Re: [openpgp] A way to securely define cleartext … Andre Heinecke
- Re: [openpgp] A way to securely define cleartext … Andre Heinecke
- Re: [openpgp] A way to securely define cleartext … Neil Hunsperger
- Re: [openpgp] A way to securely define cleartext … Jon Callas
- Re: [openpgp] A way to securely define cleartext … Andre Heinecke
- Re: [openpgp] A way to securely define cleartext … Werner Koch
- Re: [openpgp] A way to securely define cleartext … Andre Heinecke
- Re: [openpgp] A way to securely define cleartext … Vincent Breitmoser
- Re: [openpgp] A way to securely define cleartext … Andre Heinecke
- Re: [openpgp] A way to securely define cleartext … Werner Koch
- Re: [openpgp] A way to securely define cleartext … Jon Callas
- Re: [openpgp] A way to securely define cleartext … Jon Callas