ietf-openpgp

Re: [openpgp] A way to securely define cleartext signature charset

2018-09-10 13:24:00
> today I struggled for several hours with "charset guessing" code, that handles
> cleartext signatures in outlook and I thought that maybe this situation could
> be improved a bit in the future?

I'll add a data point. Some years back, the PGP Desktop product added an 
unsigned "Charset" header to its ASCII armor. The result looked like this:

-----BEGIN PGP SIGNATURE-----
Version: PGP SDK 4.2.1
Charset: iso-8859-1

It solved a real-world problem of intermediate software re-writing character 
sets using lossless conversions. It didn't solve the security issue in your 
link to DKG's post. In practice it also didn't avoid 2-pass signature 
verification.

Cheers,
-Neil
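
Added example (not part of the original message, and not PGP Desktop or PGP SDK code): parsing a cleartext-signed message and using the Charset armor header from the signature block only as a display hint. The sample message, its placeholder signature data, the decoder allow-list and the function names are constructed for illustration; no signature verification is performed.

```python
# Constructed sample: Latin-1 text, signature armor as in the message above.
SAMPLE = (
    b"-----BEGIN PGP SIGNED MESSAGE-----\n"
    b"Hash: SHA256\n"
    b"\n"
    b"Gr\xfc\xdfe aus K\xf6ln\n"
    b"-----BEGIN PGP SIGNATURE-----\n"
    b"Version: PGP SDK 4.2.1\n"
    b"Charset: iso-8859-1\n"
    b"\n"
    b"PLACEHOLDERSIGNATUREDATA==\n"
    b"-----END PGP SIGNATURE-----\n"
)

ALLOWED = {"utf-8", "iso-8859-1", "iso-8859-5"}  # decoder allow-list (assumption)


def read_headers(lines, i):
    """Read 'Key: Value' armor headers from lines[i:] up to the blank line."""
    headers = {}
    while i < len(lines) and lines[i].strip():
        key, _, value = lines[i].decode("ascii", "replace").partition(":")
        headers[key.strip().lower()] = value.strip()
        i += 1
    return headers, i + 1  # index just past the blank separator


def split_cleartext(msg):
    """Return (hash headers, signed text bytes, signature armor headers)."""
    lines = [l.rstrip(b"\r") for l in msg.split(b"\n")]
    start = lines.index(b"-----BEGIN PGP SIGNED MESSAGE-----")
    hash_headers, i = read_headers(lines, start + 1)
    sig = lines.index(b"-----BEGIN PGP SIGNATURE-----", i)
    # Undo dash-escaping ("- " prefix) on the signed text lines.
    body = b"\n".join(l[2:] if l.startswith(b"- ") else l for l in lines[i:sig])
    # The Charset header only becomes visible here, after the whole text
    # has been read, so the text must be buffered or read a second time.
    sig_headers, _ = read_headers(lines, sig + 1)
    return hash_headers, body, sig_headers


def decode_body(msg):
    """Decode the text for display; the header is an unauthenticated hint."""
    _, body, sig_headers = split_cleartext(msg)
    hint = sig_headers.get("charset", "utf-8").lower()
    charset = hint if hint in ALLOWED else "utf-8"  # unknown values fall back
    return body, charset, body.decode(charset, errors="replace")
```

Rewriting the header to another allowed charset leaves the text bytes untouched but changes the characters shown, which is why the header can guide display without being relied on for what was signed.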
