[1.4.0] hidden recipient vs. ID 00000000

David Shaw dshaw at jabberwocky.com
Fri Jan 28 22:28:04 CET 2005


On Fri, Jan 28, 2005 at 08:48:48PM +0100, Bernd Eckenfels wrote:
> On Fri, Jan 28, 2005 at 03:56:40PM +0100, Janos.Farkas-lists+priv-#RVXrkLgxX70*-gpg-dev at lists.xeon.eu.org wrote:
> > On 2005-01-27 at 15:07:33, David Shaw wrote:
> > > Try the attached patch.  It changes the "no keyid" case to all FFs
> > > instead of zeroes.  All FFs is as good as all zeroes here, especially
> > > since all zeroes is reserved.
> > 
> > It's definitely less disturbing now, thanks! :)
> 
> Is all-FF keyid a valid one? If yes this patch does not make it any better.
> Ie. it makes normal handling worse. Special values and in-band signalling
> sux pretty often.

All-FF and All-00 are both valid.  All-00 is overloaded to mean
"anonymous recipient" on top of its usual meaning.

There is a small problem since a V3 key that isn't RSA is illegal
according to the spec.  Quite literally, they have *no* key IDs.  So
how should it be represented?  The old code represented it as all-00.
The new code represents it as all-FF.  Pick a value.  They all have
problems.

The real answer is to delete illegal keys and/or refuse to import them
(which GnuPG does).  If someone happens to have such a key, well, this
is just as bad as all-00, but at least doesn't break anonymous
messages.

David



More information about the Gnupg-devel mailing list