potential IETF WG incompatibility with GnuPG 2.3
Bernhard Reiter
bernhard at intevation.de
Thu Dec 15 09:21:41 CET 2022
Am Dienstag 13 Dezember 2022 12:33:35 schrieb Neal H. Walfield:
> koo is out of spec, because it delivers certificates without User IDs
> (1). It come into spec by inserting a null User ID without a self
> signature (2).
Though that seems to be a mechanistic compliance, which does not make
much sense. So I'd still consider this out of speficiation because
the user ID would be useless and obviously not performing the intentions
expressed in RFC4880.
> As I understand it, gpg would treat that (2) the same
> way as it treats a certificate without any User IDs (1).
If this is the case (which I do not know for sure), it looks like a good
decision for an implementation which stays in line with the purpose of
what the User ID was meant for in the specification (and real use).
Regards
Bernhard
--
https://intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20221215/1f8d91a5/attachment.sig>
More information about the Gnupg-devel
mailing list