Reading new key packages (Re: Coexistence with OpenPGP/IETF)
Werner Koch
wk at gnupg.org
Sat Jan 6 14:47:44 CET 2024
On Fri, 5 Jan 2024 23:18, Heiko Schäfer said:
> How common is the use case of having meaningful metadata for a literal
> data packet?
The major problem here is the one of surprise: You get a report that the
data has been signed and the report also shows the file name as meta
information. It is entirely counter-intuitive that the file name is not
covered by the signature. It is further hard to explain in a report that
one can't rely on the file name or its creation date.
Yes, there are real world scenarios. The use cases come from scenarios
where existing systems are secured by digital signatures or encryption.
Sometimes for messages which are valid only for a few minutes and where
MitM are a real concern due to broadcasting, dead zones, and relaying.
Shalom-Salam,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <https://librepgp.org/pipermail/librepgp-discuss/attachments/20240106/775ddab7/attachment.sig>
More information about the LibrePGP-discuss
mailing list