MDC bug in GPG ?

Michael Young mwy-gpg41 at
Wed Aug 21 07:05:02 CEST 2002

Hash: SHA1

Subject: Re: MDC bug in GPG ?

> From: Werner Koch <wk at>
> It is not expected that a packet follows an
> compression packet because the length of the compressed packet is
> implicitly known and all trailing garbage is ignored.  Changing this
> is hard and so we better keep it as it is.

I've complained before that I think that depending on the
"implicit length" from a compression packet is bad form,
and is (or should be) disallowed by RFC2440.

Ignoring "trailing garbage" cannot be a good thing.  Yes, protocols
can be designed to ignore features intended for future use.  But that's
not the case here.  It would be a shame to pass up the opportunity to
detect malformed input.

Is your only concern that it's hard to change?  If so, would you
accept a contributed change to use a bounded packet?  (I don't really
think I'll have the time to do it, but there's no point to my
working on it if you have other objections.)

Version: PGP Personal Privacy 6.5.3


More information about the Gnupg-devel mailing list