coping with unknown keywords on --status-fd

Neal H. Walfield neal at walfield.org
Sat Sep 17 11:16:21 CEST 2016


On Sat, 17 Sep 2016 10:26:35 +0200,
Werner Koch wrote:
> On Fri, 16 Sep 2016 22:39, dkg at fifthhorseman.net said:
> 
> > This is a lot like the "critical" flag in OpenPGP subpackets.  I
> 
> Indeed, however this is not really helpful because the most common
> problem are wrong implementations and not missing new keywords.  Anyway,
> if we want to do an backward incompatible change (which is what the
> introduction of a '!' means) we have easier way to do that.  The
> simplest would be to renamed the --status-fd option or to rename
> expected status keywords.

I'm not sure your suggestions are the best way to address Daniel's
concerns.  In his original mail, he writes:

  What does "prepared to see" mean?  does it mean "can safely ignore"
  [unknown keywords]?
  
  But consider the situation where a list of keys that are known to be bad
  is introduced (imagine someone publishes corresponding secret key
  material, based on a bad system RNG in some OS).  If GnuPG were to have
  access to such a blacklist, i can imagine a future version of GnuPG
  emitting a new status line like KEY_KNOWN_BAD, during signature
  validation, but this would not be safe to ignore.

I think renaming --status-fd to deal with this is disproportionate and
ought to be avoided.  Also, I don't see how renaming a keyword would
help here.  But, something like a critical flag would allow an
application / gpgme to know that if it receives !KEY_KNOWN_BAD, it
should refuse to continue, even if it doesn't understand the
KEY_KNOWN_BAD keyword.

:) Neal



More information about the Gnupg-devel mailing list