Hi Jon, Neil,
thanks for your comments!
On Monday, September 10, 2018 4:53:03 PM CEST Jon Callas wrote:
On Sep 10, 2018, at 11:23 AM, Neil Hunsperger
<Neil_Hunsperger=40symantec(_dot_)com(_at_)dmarc(_dot_)ietf(_dot_)org> wrote:
I'll add a data point. Some years back, the PGP Desktop product added an
unsigned "Charset" header to its ASCII armor. The result looked like this:
That would also be an option. I don't prefer it because it would be unsigned
but it would already help with usability issues.
And for what it’s worth, section 6.2 of RFC 4880 says:
- "Charset", a description of the character set that the plaintext
is in. Please note that OpenPGP defines text to be in UTF-8. An
implementation will get best results by translating into and out
of UTF-8. However, there are many instances where this is easier
said than done. Also, there are communities of users who have no
need for UTF-8 because they are all happy with a character set
like ISO Latin-5 or a Japanese character set. In such instances,
an implementation MAY override the UTF-8 default by using this
header key. An implementation MAY implement this key and any
translations it cares to; an implementation MAY ignore it and
assume all text is UTF-8.
There is indeed very little definition in this section,...
However, there are many instances where this is easier
said than done.
And that is the problem. E.g. a webmailer in which you paste UTF-8 Text, then
the webmailer sees that it can encode that message as latin 1 and sends it as
latin 1. Now on the receiving side you have a content-type saying "latin 1"
but the message was actually signed in UTF-8. And so you have to "try"
multiple charsets if you whish to verify the message (as it could also be
signed as latin1).
All those MAYs are there because of the real world considerations.
Well, my proposed change would be optional. Without the "Charset" in the
message an implementation would fallback to the "do what you want" guessing
game with all these MAYs :-)
People still use JIS all over the place, for example, and this allows them
to mark their text and have it work correctly. (That’s why we put it in both
the standard and software. The examples of Latin-5 and JIS were real.) On
the other hand, there was a completely reasonable objection that there are
not only silly character sets that one could make up (nods to the computer
language “Whitespace”), and real-world issues of what happens when the
diehard Latin-5 people start sending messages to the diehard JIS people, and
the resulting N^2 testing matrix.
I'm not sure if you say that we should not add standardized way to define the
charset for cleartext signatures or that we should?
I don't really see the problem of either silly character sets or Latin-5 / JIS
messages. As long as It can be converted to the display charset / for passage
through the openpgp engine it should be ok.
Thus, this section lets an implementation throw its hands up in the air and
scream wherever and whenever it wants, while giving a decent way to
clearsign Japanese text.
Yeah, but from a usability standpoint I do not like guessign, screaming and
failing if it can be avoided at all :-).
Best Regards,
Andre
--
Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
signature.asc
Description: This is a digitally signed message part.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp