Reading new key packages (Re: Coexistence with OpenPGP/IETF)
Nickolay Olshevsky
o.nickolay at gmail.com
Tue Jan 16 12:48:47 CET 2024
I mean the problems which were brought up in the aforementioned thread (quoting
Daniel):
> - it's not clear how to populate the fields in an encrypt-then-sign
> scenario
> - they make it impossible to be able to cleanly detach and reattach
> signatures
> - when those fields are sometimes signed (v5) and sometimes not (v4),
> it's difficult to act on them safely
All of these may be resolved at the implementation level, not the standard
level.
From my side there are no additional problems: compared with RFC 4880,
where literal fields are not signed at all, this brings at least no less
security.
On 15.01.2024 20:51, Andrew Gallagher wrote:
>> As for me, it looks good as it would solve problems brought up in the list (however, I doubt whether those problems are real).
> Which particular problems do you mean? At least one implementation says they implement reattachment of detached signatures; I’m not sure about the rest though.
>
> A
--
Best regards,
Nickolay Olshevsky
o.nickolay at gmail.com