Reading new key packages (Re: Coexistence with OpenPGP/IETF)
Heiko Schäfer
heiko at schaefer.name
Fri Jan 5 23:18:14 CET 2024
On 1/3/24 11:05, Andrew Gallagher via LibrePGP-discuss wrote:
> On 3 Jan 2024, at 09:52, Werner Koch <wk at gnupg.org> wrote:
>> Iff we want this feature also for v4 we need to add this complexity.
>> However, in the long run v5 will take over and gives this for free and
>> it will then be mandatory.
> OK, but by this point everyone will presumably have implemented it for
> v4, so the implementation will be a sunk cost. Also, if we store an
> unhashed copy of the metadata in the subpacket rather than a hashed
> copy, it simplifies the implementation of the subpacket, and means we
> don’t need the metdatata in the literal data packet at all, so we can
> zero it, which makes the treatment of detached and attached signatures
> identical, as well as the treatment of v4 and v6 sigs. We could even
> make the subpacket mandatory in v6 if that reduces the number of
> combinations we need to handle.
>
> It’s a different way of approaching the problem, sure. I’m not
> convinced it’s necessarily more complex overall.
While we discuss complexity tradeoffs, I wonder:
How common is the use case of having meaningful metadata for a literal
data packet?
In which scenarios do applications make use of these metadata fields?
More information about the LibrePGP-discuss
mailing list