MDC bug in GPG ?
Michael Young
mwy-gpg41 at the-youngs.org
Wed Aug 21 07:05:02 CEST 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Subject: Re: MDC bug in GPG ?
> From: Werner Koch <wk at gnupg.org>
> It is not expected that a packet follows an
> compression packet because the length of the compressed packet is
> implicitly known and all trailing garbage is ignored. Changing this
> is hard and so we better keep it as it is.
I've complained before that I think that depending on the
"implicit length" from a compression packet is bad form,
and is (or should be) disallowed by RFC2440.
Ignoring "trailing garbage" cannot be a good thing. Yes, protocols
can be designed to ignore features intended for future use. But that's
not the case here. It would be a shame to pass up the opportunity to
detect malformed input.
Is your only concern that it's hard to change? If so, would you
accept a contributed change to use a bounded packet? (I don't really
think I'll have the time to do it, but there's no point to my
working on it if you have other objections.)
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3
iQA/AwUBPWMRQFMkvpTT8vCGEQIhKACfUGGosVUVyjrkipTeWtdXS6d34iUAoOuF
RScY5qywZYxhMcK9GqzDYlwW
=TAdq
-----END PGP SIGNATURE-----
More information about the Gnupg-devel
mailing list