Feature suggestion: options to require MDC or trusted signature on decryption
Werner Koch
wk at gnupg.org
Thu May 31 20:44:05 CEST 2018
On Thu, 31 May 2018 16:51, patrick at enigmail.net said:
> May I suggest that for GnuPG 2.3 you implement some more rules? For example:
> * refuse encrypting emails if MDC is not enabled in the key prefs
RFC-4880 can be read to allow using MDC even without the feature flag.
For RFC-4880bis non-MDC will be deprected:
This packet is obsolete. An implementation MUST not create this
packet. An implementation MAY process such a packet but it MUST
return a clear diagnostic that a non-integrity protected packet has
been processed. The implementation SHOULD also return an error in
this case and stop processing.
> * remove options like --ignore-mdc-error, --ignore-mdc-warning and
> --allow-multiple-messages, or at least require them to be combined
> with something like --dangerous-options
Already done. The MDC options in 2.3 and 2.2 are now NOPs. The
allow-multiple options and the --pgpg6 options are NOPs in 2.3. For
testing --rfc2440 can be used which has always had the effect not to
create an MDC.
Salam-Shalom,
Werner
--
# Please read: Daniel Ellsberg - The Doomsday Machine #
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180531/aa305b3e/attachment-0001.sig>
More information about the Gnupg-devel
mailing list