Miscellaneous questions

Robert J. Hansen rjh at sixdemonbag.org
Wed Apr 16 03:35:46 CEST 2008

Christoph Anton Mitterer wrote:
> But it does not say that it has to contain the must-have algos.

As has been mentioned here at least twice now, see section 13.2, where
it explicitly says if the MUSTs are not listed, they are tacitly listed.

I do not understand how much clearer I can make this.  By the plain
black-letter of RFC4880, the MUST algorithms are always present.
Always.  If you want this to change, take it to the WG.

> I think this passage is very strongly influenced from a developers view:
> Tacitly (implicit) at the _end_ simply says,... by putting 3DES at the
> end we automatically have a fallback if no other algorithm is found,
> without the need of any code.

It's unwise to ascribe semantic meaning to a syntactic specification.
The specification says what it says: nothing more, nothing less.

> Even if those subpacktes would be used in my suggested way, each
> implementation would know "Nanana, 3DES is a fallback, so in each case I
> can find my algorithm match", but in addition to that a user could force
> his implementation (via a non conforming switch) to ignore that fallback
> stuff, and just look at the preference. If he'll have problems with this
> (interoperability) it's his own problem.

Arguing "GnuPG should support a nonconformant extension to the spec" is
probably not going to get much of anywhere.

> But I'd like to know it this leads to improved security or not:

Define "security" first.

More information about the Gnupg-users mailing list