Re: [openpgp] Character encodings2015-03-18 17:33:02On Tue, 2015-03-17 at 12:44 -0700, Jon Callas wrote: Just get rid of the notion of text. Make it be all binary. Agreed 100%,.. OpenPGP should never to any conversions (e.g. for signature verifications), hinting or anything else with respect to "text encoding". The best thing that can happen is that nothing gets worse (cause even if the OpenPGP implementation would do everything right, the MUA or any other application on top/below may still mangle up data). The worst thing that can happen, is that one could trick users/implementations into taking things as signed in a form which they were not intended to be signed, e.g. I deliberately only wanted to have the file with \n EOLs to be signed, but not any \n\r. In such case however, if a "text mode" is identified, the peer's application would also trust that. With character encodings things are probably even worse. All should be binary. Cheers, Chris.
_______________________________________________ openpgp mailing list openpgp(_at_)ietf(_dot_)org https://www.ietf.org/mailman/listinfo/openpgp
|
|