Why not a hashed signature subpacket?
On 09/07/2018 03:52 PM, Andre Heinecke wrote:> Hi,
today I struggled for several hours with "charset guessing" code, that
handles
cleartext signatures in outlook and I thought that maybe this
situation could
be improved a bit in the future?
I dislike cleartext signatures as much as the next guy (probably more
;-) ).
The points made in [1] are valid and such messages should not be used.
But realistically I think that they won't go away.
My idea would be to define that after the Hash: header and the blank line
(which starts the hashing) that there can be:
Optionally a "Charset" Armor Header followed by one blank line,
both included in the message digest.
So a message like:
Charset: UTF-8
This is än example mässäge.
An rfc4880 implementation would just show:
----
Charset: UTF-8
This is än example mässäge.
----
Ok that is slightly ugly but it's informative and the signature will
still be
verified correctly.
An rfc4880bis application could evaluate the header and omit it in the
output.
Attached is a patch to the draft.
Best Regards,
Andre
1: https://dkg.fifthhorseman.net/notes/inline-pgp-harmful/
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp