x488 vs all other : keyid flip
Werner Koch
wk at gnupg.org
Tue Apr 2 16:24:06 CEST 2024
On Tue, 2 Apr 2024 12:39, Andrew Gallagher said:
> Are you saying that this is *not* a novel failure mode? Because we’ve
No. We had v2, v3 and v4 keyes in all kind of combinations in the past
(even as part of subkeys) and back then the two OpenPGP implementations
had no problems with that. The whole point of packet version numbers is
to be able to ignore such packets.
> different version number (since v3 did not support subkeys). Have you
> interop-tested this with other implementations? Besides RNP? What were
If there are new implementaions they should check interop with the
de-facto standards which are PGP, GnuPG and later RNP. There is also
the widely used BouncyCastle library and we have not seen problems with
it except when ppl ignore features of these library.
> 3. The term “OpenPGP” does not belong to GnuPG.
But let me remark for the records that GnuPG has been the entity which
always used the term /OpenPGP/ instead of /PGP/ or - as many Linux
people did - the term /GPG/ keys. Thus we, and in particular me,
stressed that this is the OpenPGP standard which GnuPG implements,
popularized, took care, and pride of. Sure it does no "belong" to us or
anyone - it is term without having a trademark. OTOH, tehre is a
respoisbility here to keep the repudiation of that standard high - this
is what the /current OpenPGP WG participants/ don't a do anymore since
fall 2021.
> And I notice that you have not addressed the most important point in
> my last email:
>
>> how should an implementation behave if it wants to support both the
>> librepgp and crypto-refresh specs?
That is up to those implementaions who want to destroy a solid standard.
Why should I help them? This is a GnuPG mailing list and you are
welcome to discuss technical details of stuff relevant to GnuPG and
OpenPGP (up to fall 2021). Everything else is better addressed to the
crypto-refresh commitee.
Shalom-Salam,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20240402/95969ec8/attachment.sig>
More information about the Gnupg-users
mailing list