-----BEGIN PGP SIGNED MESSAGE-----
A set of problems have arisen during the initial testing of 5.0i for
Windows in a non-English environment. I believe it is desirable to
treat (or at least identify) them in OP, for the benefits of OP
worldwide promulgation.
1. "charset" header.
[2.4.1 in the November OP Draft]
1.1
"Charset" header needs defining. Values defined in 2.6.xi need
enlisting. A mechanism for charsets registration, or embracing
charsets otherwise registered needs defining.
1.2 Discussion
PGP 5.0 is unable to process correctly armors with
"charset" headers other than "noconv" and equivalents. (However, 5.0
doesn't claim 2.6i compatibility, but 2.6).
1.3 Note
It would be neat to advise developers (SHOULD?) to set
"charset" to "noconv" if related material is pure 7-bit ASCII,
regardles of the settings of native 8-bit interpretation in the
environment.
2. Clearsigning 8-bit
[2.6 in the November OP Draft]
2.1 Discussion
5.0(i) for Windows works with the three exact types
of object: (1) files, (2) clipboard text, and (3) data provided
by an MUA plugin through API. Right?
I cannot test mode (3) now, but the first two (files, with "Text
output" on and "Sign clipboard text" from PGPtray) both produce
a clearsigned 8-bit text which is in some sence "correct"
"Correct" means that resulting file passes signcheck with 2.6.3,
("charset=noconv"), and v.v., clearsigned text produced with 2.6.3
("charset=noconv") passes signcheck by 5.0(i) (when the known
"123-213" bug in 5.0 is fixed).
2.2 Problems with clearsigning
There are still problems however.
(1) 8-bit clearsigning is not described anywhere (I presume). I
strongly believe it needs defining at least as "SHOULD" in
OP.
(2) "charset" setting is somewhat misleading. For instance, when I
sign a 8-bit text content of Windows clipboard, it is usually
meaningful in Windows native coding (the so called Windows-cpXXXX, is
it described anywhere?), "windows-cp1251" for Russian. But I have
"charset" header in sig armor set in "noconv". PGP 2.6.3i (on all
platforms) and most other programs interprete "noconv" as equivalent
to a native codepage of the receiving system. (In particular, "KOI8-R"
extended charset as Russian standard for open systems).
(3) If sending MUA is to perform any other (not cryptographic)
8-bit-to-8-bit or 8-bit-to-7-bit transmutation of a msg, the MUA must
first do this transmutation, then sign the message, and a receiving
MUA must first check signature, then perform any other transmutations.
Right?
I believe it _is not_ defined anywhere presently. (RFC2015 defines
8-bit-to-7-bit only "normalization").
-----BEGIN PGP SIGNATURE-----
Version: PGP 5.0iRu Alpha 2
iQCVAwUBNIVeR3GCEHWOiJDhAQFR8gP8D+hb2n4hRCzL9c0KeRJ8XY4Afa4TVCa7
0WvQNno3KV/oR7d4YCavHxvkC8/2747z8gp7bBpTVK+BZrDxJ6DcaDjrCHeFDasF
oSKnGGyIUpe7vHu9xgtWDViDCYJ9GZ1zuti8SG5mbvCV9pVBogpjNUMbMWvOt9ek
0ca1ZuXM8eg=
=Raiu
-----END PGP SIGNATURE-----
--
-- Maksim Otstavnov <maksim(_at_)volga(_dot_)net>
http://www.geocities.com/SoHo/Studios/1059/
-- -maintainer of The Russian PGP HomePage
-- (http://www.geocities.com/SoHo/Studios/1059/pgp-ru.html)
-- -moderator of "Security&Privacy" (Russian language) Web-forum
-- (http://www.rocit.ru/forum)