On Fri, Sep 07, 2018 at 03:52:43PM +0200, Andre Heinecke wrote:
> Hi,
>
> today I struggled for several hours with "charset guessing" code that
> handles cleartext signatures in Outlook and I thought that maybe this
> situation could be improved a bit in the future?
>
> I dislike cleartext signatures as much as the next guy (probably more ;-) ).
> The points made in [1] are valid and such messages should not be used.
> But realistically I think that they won't go away.
>
> My idea would be to define that after the Hash: header and the blank line
> (which starts the hashing) that there can be:
>
> Optionally a "Charset" Armor Header followed by one blank line,
> both included in the message digest.
>
> So a message like:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Charset: UTF-8
>
> This is än example mässäge.
> -----BEGIN PGP SIGNATURE-----
Hmm, is there any way to guard against a false positive identification of
an "old" message that just happens to start with such a line? I can't
think of any off the top of my head...
Don't get me wrong, I *do* see the good things about your proposal.
Best regards,
Peter
--
Peter Pentchev roam@{ringlet.net,debian.org,FreeBSD.org}
pp(_at_)storpool(_dot_)com
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
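
The false positive raised in the reply can be shown with a small parser. This is an added example, not code from the thread or from any OpenPGP implementation; the function names and the sample messages are assumptions made for illustration, and dash-escaped lines are not unescaped.

```python
import re

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
CHARSET_RE = re.compile(r"Charset: ([A-Za-z0-9._-]+)")

def hashed_lines(message):
    """Return the lines between the armor headers' blank line and the signature."""
    lines = message.splitlines()
    if not lines or lines[0] != BEGIN_MSG:
        raise ValueError("not a cleartext signed message")
    try:
        blank = lines.index("", 1)           # ends the "Hash:" armor headers
        sig = lines.index(BEGIN_SIG, blank)  # body lines are dash-escaped, so this is the real marker
    except ValueError:
        raise ValueError("truncated cleartext framework") from None
    return lines[blank + 1:sig]

def legacy_reading(message):
    """Existing behaviour: every hashed line is message text, charset unknown."""
    return None, hashed_lines(message)

def proposed_reading(message):
    """Proposed rule: a leading 'Charset:' line plus one blank line is metadata."""
    body = hashed_lines(message)
    m = CHARSET_RE.fullmatch(body[0]) if len(body) >= 2 else None
    if m and body[1] == "":
        return m.group(1), body[2:]
    return None, body

def is_ambiguous(message):
    """True when the two readings display different text for the same signed
    lines, which is the false positive raised in the reply."""
    return legacy_reading(message)[1] != proposed_reading(message)[1]

def frame(text_lines):
    # Constructed framing; the signature block itself is omitted.
    return "\n".join([BEGIN_MSG, "Hash: SHA256", "", *text_lines, BEGIN_SIG])

# Constructed samples: the proposal's example, an "old" message whose text
# happens to start with such a line, and an ordinary old message.
NEW_STYLE = frame(["Charset: UTF-8", "", "This is än example mässäge."])
OLD_NOTES = frame(["Charset: UTF-8", "", "is what I set in my mail client."])
OLD_PLAIN = frame(["Hello,", "", "nothing special here."])

if __name__ == "__main__":
    for name in ("NEW_STYLE", "OLD_NOTES", "OLD_PLAIN"):
        msg = globals()[name]
        print(name, proposed_reading(msg), is_ambiguous(msg))
```

Because the Charset line and its blank line are part of the hashed text under both readings, a valid signature does not tell a verifier which reading the signer intended.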