coping with unknown keywords on --status-fd
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Sep 15 23:39:43 CEST 2016
hi folks--
Is it safe for a program that is interacting with GnuPG to ignore status
keywords that it gets but doesn't understand?
DETAILS says:
    an application should always be prepared to see new
    keyworkds or more arguments in future versions.
(i think that means "keywords", but i missed it in my recent spelling
cleanup)
What does "prepared to see" mean? does it mean "can safely ignore" ?
Is this always going to be the case? If so, can we commit to it
explicitly in DETAILS?
Recent versions of GnuPG emit KEY_CONSIDERED status lines, which does
seem like it could be safely ignored.
But consider the situation where a list of keys that are known to be bad
is introduced (imagine someone publishes corresponding secret key
material, based on a bad system RNG in some OS). If GnuPG were to have
access to such a blacklist, i can imagine a future version of GnuPG
emitting a new status line like KEY_KNOWN_BAD, during signature
validation, but this would not be safe to ignore.
Or, would GnuPG emit a BADSIG instead of a VALIDSIG in this case, in
addition to a new KEY_KNOWN_BAD line?
The clearer we are about what the project commits to going forward, the
less brittle and more forward-compatible any downstream dependencies
will be.
--dkg
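Added example (not part of the original message and not GnuPG code): a minimal --status-fd consumer that applies the two readings of "prepared to see" to the scenario in the message. The status lines, the fingerprint and the function names are constructed for illustration, and KEY_KNOWN_BAD is the hypothetical keyword the message imagines.

```python
# Added example. The status text below is constructed, not captured gpg output.
PREFIX = "[GNUPG:] "
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"  # constructed placeholder
INFORMATIONAL = frozenset({"NEWSIG", "KEY_CONSIDERED", "SIG_ID", "GOODSIG"})

def parse_status(text):
    """Yield (keyword, args) for each status line, skipping other output."""
    for line in text.splitlines():
        fields = line[len(PREFIX):].split() if line.startswith(PREFIX) else []
        if fields:
            yield fields[0], fields[1:]

def verify_result(text, strict, known=INFORMATIONAL):
    """Return (accepted, unknown_keywords) for one verification run.

    strict=False reads "prepared to see" as "can safely ignore";
    strict=True lets any unrecognised keyword veto acceptance.
    """
    valid = bad = False
    unknown = []
    for keyword, _args in parse_status(text):
        if keyword == "VALIDSIG":
            valid = True
        elif keyword in ("BADSIG", "ERRSIG"):
            bad = True
        elif keyword not in known:
            unknown.append(keyword)
    return valid and not bad and not (strict and unknown), unknown

TODAY = "\n".join([
    "[GNUPG:] NEWSIG",
    f"[GNUPG:] KEY_CONSIDERED {FPR} 0",
    f"[GNUPG:] GOODSIG {FPR[-16:]} Constructed User <user@example.org>",
    f"[GNUPG:] VALIDSIG {FPR} 2016-09-15 1473975583 0 4 0 1 8 00 {FPR}",
])
# KEY_KNOWN_BAD is the hypothetical keyword from the message above.
FUTURE = TODAY + f"\n[GNUPG:] KEY_KNOWN_BAD {FPR}"

if __name__ == "__main__":
    old = INFORMATIONAL - {"KEY_CONSIDERED"}  # consumer written before that keyword
    print(verify_result(FUTURE, strict=False))           # lenient: keyword only reported
    print(verify_result(FUTURE, strict=True))            # strict: unknown keyword vetoes
    print(verify_result(TODAY, strict=True, known=old))  # strict: harmless keyword vetoes
```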