Series of minor questions about OpenPGP 1
David Shaw
dshaw at jabberwocky.com
Tue Jan 27 04:57:37 CET 2009
On Jan 26, 2009, at 6:15 PM, Peter Thomas wrote:
> On Mon, Jan 26, 2009 at 11:31 PM, David Shaw <dshaw at jabberwocky.com>
> wrote:
>> No, they don't have a concept of a packet type above 15. There are
>> only 4 type bits in the old-style packet header. :)
> Yes, that was clear
>
>> Old programs will basically blow up if they see something they don't
>> understand. There is a special packet, the Marker Packet (tag 10)
>> which basically exists to make PGP 2.x print out "You need a newer
>> version of PGP" before PGP 2.x would blow up.
> My intention (and also behind the question whether there is something
> like the critical bit for packet types) is this:
> Suppose a new packet type (above 15) is added which is VERY critical
> for the security, meaning that it would be very very bad if some
> implementation isn't able to interpret it.
> Is it secured that those applications will blow up, give errors etc.?
They should at least fail - a new style RFC-4880 (or 2440) packet (of
any type) is unreadable by an old RFC-1991 program. It simply won't
be meaningful. At to *how* it will fail, that depends on the program.
The point of the Marker Packet is to force a graceful failure early.
> If not (and that was my motivation behind the general usage of new
> packet headers) it would be better if no packet type (even those below
> 16) are understood by these legacy applications and thus the whole
> key/message would be unusable for them.
If there was such a situation, then forcing the use of a new packet
header would certainly break old programs, but this isn't sufficient:
most programs understand new packet headers, but they may not
understand your new packet type. Or put another way - you can't solve
that problem with packet headers.
David
More information about the Gnupg-users
mailing list