ietf-openpgp
[Top] [All Lists]

Re: [openpgp] incomplete/confusing guidance around "Hash" Armor header for cleartext signing framework

2021-03-18 19:44:03
On 2021-03-18 at 09:46 +0100, Werner Koch wrote:
On Thu, 18 Mar 2021 02:20, Ángel said:

I think the phrase
     - One or more "Hash" Armor Headers,
should have been
     - One or more Armor Headers,

Nope becuase ...

Then it covers other armor headers that may be present, such as
"Charset:", and then it suddenly makes sense the following
discussion

There should be only one Charset header.

No. What I mean is that it only says «One or more "Hash" Armor
Headers,». It doesn't mention other Armor Headers. Charset was an
example I gave of other armor headers that might be there.


And yes, Charset is a weird header. It doesn't make much sense to
define it but say it may be followed or ignored and treated as utf-8
anyway. The sane thing would be to state that when encoding utf-8 MUST
be used, and receivers are not required to implement any other charset.
The behavior if they find a different charset would be up to them, they
could implement more charsets (specially interesting for old content),
show an error message, use a different charset and hope for the best...


In any case, MIME is a way better method to define such
properties.  Better have that only at one place to avoid conflicts -
and the armor header are not protected which has led to questions in
the past.


I'm not so sure. If it's an armored message, the charset header will be
more right than the document MIME. If it's a clearsigned one, then
either of them may be the correct one. The only safe way would be to
specify the same charset in the MIME Content-Type as in the PGP own
Charset heaer, and that such charset is utf-8.


Best regards



_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp