ietf-openpgp
[Top] [All Lists]

Re: [openpgp] A way to securely define cleartext signature charset

2018-09-08 09:43:53
Why not a hashed signature subpacket?

On 09/07/2018 03:52 PM, Andre Heinecke wrote:> Hi,

today I struggled for several hours with "charset guessing" code, that
handles
cleartext signatures in outlook and I thought that maybe this
situation could
be improved a bit in the future?

I dislike cleartext signatures as much as the next guy (probably more
;-) ).
The points made in [1] are valid and such messages should not be used.
But realistically I think that they won't go away.

My idea would be to define that after the Hash: header and the blank line
(which starts the hashing) that there can be:

Optionally a "Charset" Armor Header followed by one blank line,
both included in the message digest.

So a message like:

Charset: UTF-8

This is än example mässäge.


An rfc4880 implementation would just show:
----
Charset: UTF-8

This is än example mässäge.
----

Ok that is slightly ugly but it's informative and the signature will
still be
verified correctly.
An rfc4880bis application could evaluate the header and omit it in the
output.


Attached is a patch to the draft.


Best Regards,
Andre


1: https://dkg.fifthhorseman.net/notes/inline-pgp-harmful/



_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp


_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp