Feature suggestion: options to require MDC or trusted signature on decryption

Werner Koch wk at gnupg.org
Thu May 31 20:44:05 CEST 2018

On Thu, 31 May 2018 16:51, patrick at enigmail.net said:

> May I suggest that for GnuPG 2.3 you implement some more rules? For example:
> * refuse encrypting emails if MDC is not enabled in the key prefs

RFC-4880 can be read to allow using MDC even without the feature flag.
For RFC-4880bis non-MDC will be deprected:

  This packet is obsolete.  An implementation MUST not create this
  packet.  An implementation MAY process such a packet but it MUST
  return a clear diagnostic that a non-integrity protected packet has
  been processed.  The implementation SHOULD also return an error in
  this case and stop processing.

> * remove options like --ignore-mdc-error, --ignore-mdc-warning and
>   --allow-multiple-messages, or at least require them to be combined
>   with something like --dangerous-options

Already done.  The MDC options in 2.3 and 2.2 are now NOPs.  The
allow-multiple options and the --pgpg6 options are NOPs in 2.3.  For
testing --rfc2440 can be used which has always had the effect not to
create an MDC.



#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180531/aa305b3e/attachment-0001.sig>

More information about the Gnupg-devel mailing list