coping with unknown keywords on --status-fd
Neal H. Walfield
neal at walfield.org
Sat Sep 17 11:16:21 CEST 2016
On Sat, 17 Sep 2016 10:26:35 +0200,
Werner Koch wrote:
> On Fri, 16 Sep 2016 22:39, dkg at fifthhorseman.net said:
>
> > This is a lot like the "critical" flag in OpenPGP subpackets. I
>
> Indeed, however this is not really helpful because the most common
> problem are wrong implementations and not missing new keywords. Anyway,
> if we want to do an backward incompatible change (which is what the
> introduction of a '!' means) we have easier way to do that. The
> simplest would be to renamed the --status-fd option or to rename
> expected status keywords.
I'm not sure your suggestions are the best way to address Daniel's
concerns. In his original mail, he writes:
What does "prepared to see" mean? does it mean "can safely ignore"
[unknown keywords]?
But consider the situation where a list of keys that are known to be bad
is introduced (imagine someone publishes corresponding secret key
material, based on a bad system RNG in some OS). If GnuPG were to have
access to such a blacklist, i can imagine a future version of GnuPG
emitting a new status line like KEY_KNOWN_BAD, during signature
validation, but this would not be safe to ignore.
I think renaming --status-fd to deal with this is disproportionate and
ought to be avoided. Also, I don't see how renaming a keyword would
help here. But, something like a critical flag would allow an
application / gpgme to know that if it receives !KEY_KNOWN_BAD, it
should refuse to continue, even if it doesn't understand the
KEY_KNOWN_BAD keyword.
:) Neal
More information about the Gnupg-devel
mailing list