Reading new key packages (Re: Coexistence with OpenPGP/IETF)
Andrew Gallagher
andrewg at andrewg.com
Wed Jan 3 11:05:54 CET 2024
On 3 Jan 2024, at 09:52, Werner Koch <wk at gnupg.org> wrote:
>
> On Tue, 2 Jan 2024 15:42, Andrew Gallagher said:
>
>> Are you saying that implementing the same integrity check method for
>> both v4 and v6 sigs is *more* complex than the alternative? I don’t
>
> Iff we want this feature also for v4 we need to add this complexity.
> However, in the long run v5 will take over and gives this for free and
> it will then be mandatory.
OK, but by this point everyone will presumably have implemented it for v4, so the implementation will be a sunk cost. Also, if we store an unhashed copy of the metadata in the subpacket rather than a hashed copy, it simplifies the implementation of the subpacket, and means we don’t need the metdatata in the literal data packet at all, so we can zero it, which makes the treatment of detached and attached signatures identical, as well as the treatment of v4 and v6 sigs. We could even make the subpacket mandatory in v6 if that reduces the number of combinations we need to handle.
It’s a different way of approaching the problem, sure. I’m not convinced it’s necessarily more complex overall.
A
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://librepgp.org/pipermail/librepgp-discuss/attachments/20240103/bea588fa/attachment.sig>
More information about the LibrePGP-discuss
mailing list