Reading new key packages (Re: Coexistence with OpenPGP/IETF)

Werner Koch wk at gnupg.org
Sun Jan 7 15:59:10 CET 2024


On Sun,  7 Jan 2024 02:52, Heiko Schäfer said:
> As you pointed out, the crypto-refresh draft doesn't currently define
> a mechanism for securing literal metadata (presumably because this was

To get the record straight: It was willfully removed after the
implementers had implemented v5 signatures more than 2 years ago.  There
is a reason that we listed this as one of the critique points on the
crypto-refresh draft updates and the forthcoming RFC.

FWIW, the V5 signature format was first specified in
draft-ietf-openpgp-rfc4880bis-06.txt (November 2018).  A sample
signature was then posted the next March.  This was at a time the WG was
bike-shedding over chunk sizes and discussing a proposal to remove
compression support.


Shalom-Salam,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <https://librepgp.org/pipermail/librepgp-discuss/attachments/20240107/43a2cb3f/attachment.sig>


More information about the LibrePGP-discuss mailing list