Reading new key packages (Re: Coexistence with OpenPGP/IETF)

Andrew Gallagher andrewg at andrewg.com
Wed Jan 17 09:58:06 CET 2024


On 16 Jan 2024, at 11:48, Nickolay Olshevsky <o.nickolay at gmail.com> wrote:
> 
> From my side there are no additional problems: compared with RFC 4880, where literal fields are not signed at all, this brings at least no less security.

The metadata signing in v5 sigs is sufficient in itself; however, we also have to consider the Obeneur downgrade attack, which forces us to drop support for v3 sigs in order to safely handle v5 sigs. It is obviously easier to port metadata protection to v6 than to fix the downgrade attack in v5, and v3 sigs are still widespread in the wild - rpm was generating them until last year, and there are thousands of published v4 keys containing v3 sbinds.

A
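The message above argues that a verifier which accepts v5 signatures must stop accepting v3 signatures. The following is an added example, not code from the LibrePGP project or from anyone on this list: it walks an OpenPGP packet stream using the old- and new-format packet header rules of RFC 4880 (partial body lengths and indeterminate lengths are deliberately rejected), reads the version octet of each signature packet (tag 2), and applies a version allow-list so that a v3 signature is refused even when it sits next to v4/v5 signatures. The sample packets are constructed for this example and are not valid signatures; only their headers and version octets matter here, and the assumption that a v5 signature packet also starts with its version octet follows the LibrePGP draft layout.

```python
"""Minimum-signature-version policy over an OpenPGP packet stream (added example)."""
from __future__ import annotations

from dataclasses import dataclass

SIGNATURE_TAG = 2  # RFC 4880 section 4.3: packet tag 2 is a Signature packet


@dataclass
class Packet:
    tag: int
    body: bytes


def parse_packets(data: bytes) -> list[Packet]:
    """Split a binary OpenPGP stream into (tag, body) packets.

    Handles old-format headers (1/2/4-octet lengths) and new-format headers
    (1-octet, 2-octet and 5-octet lengths). Partial body lengths and the
    old-format indeterminate length are rejected rather than guessed at.
    """
    packets: list[Packet] = []
    i = 0
    while i < len(data):
        hdr = data[i]
        i += 1
        if not hdr & 0x80:
            raise ValueError("octet %d is not an OpenPGP packet header" % (i - 1))
        if hdr & 0x40:  # new-format header: tag in the low six bits
            tag = hdr & 0x3F
            first = data[i]
            i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                length = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body lengths are not supported here")
        else:  # old-format header: tag in bits 2..5, length type in bits 0..1
            tag = (hdr >> 2) & 0x0F
            length_type = hdr & 0x03
            if length_type == 3:
                raise ValueError("indeterminate packet length is not supported here")
            n = 1 << length_type  # 1, 2 or 4 length octets
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        body = data[i:i + length]
        if len(body) != length:
            raise ValueError("truncated packet body")
        i += length
        packets.append(Packet(tag, body))
    return packets


def signature_versions(data: bytes) -> list[int]:
    """Return the version octet of every signature packet, in stream order."""
    versions = []
    for pkt in parse_packets(data):
        if pkt.tag == SIGNATURE_TAG:
            if not pkt.body:
                raise ValueError("empty signature packet")
            versions.append(pkt.body[0])  # the version octet opens v3, v4 and v5 bodies
    return versions


def enforce_policy(data: bytes, allowed: frozenset[int] = frozenset({4, 5, 6})) -> list[tuple[int, bool]]:
    """Pair each signature version with whether the policy accepts it.

    The default allow-list omits v3, so a v3 signature mixed into a stream of
    v5 signatures is reported as rejected instead of silently verified.
    """
    return [(v, v in allowed) for v in signature_versions(data)]


# Constructed sample packets (not real signatures; only headers and version octets are meaningful).
_COMMON_TAIL = b"\x65\xa5\x1c\x40" + bytes(8) + bytes([1, 8]) + b"\xab\xcd" + b"\x00\x08\xff"
V3_BODY = bytes([3, 5, 0x00]) + _COMMON_TAIL                      # 22 octets
V3_PKT = bytes([0x88, len(V3_BODY)]) + V3_BODY                    # old format, tag 2, 1-octet length
V4_BODY = bytes([4, 0x00, 1, 8, 0x00, 0x06, 5, 2]) + b"\x65\xa5\x1c\x40" + b"\x00\x00" + b"\xab\xcd" + b"\x00\x08\xff"
V4_PKT = bytes([0xC2, len(V4_BODY)]) + V4_BODY                    # new format, tag 2, 1-octet length
V5_BODY = bytes([5]) + V4_BODY[1:]
V5_PKT = bytes([0x89]) + len(V5_BODY).to_bytes(2, "big") + V5_BODY  # old format, tag 2, 2-octet length
KEY_PKT = bytes([0x98, 1, 4])                                     # old format, tag 6 (public key), skipped
SAMPLE_STREAM = V3_PKT + V4_PKT + V5_PKT + KEY_PKT

if __name__ == "__main__":
    for version, ok in enforce_policy(SAMPLE_STREAM):
        print("v%d signature: %s" % (version, "accepted" if ok else "rejected"))
```

The interesting case is the third packet: it is v5 and accepted, while the v3 packet in the same stream is rejected, which is exactly the split the message above says a verifier must make; passing `allowed=frozenset({3, 4})` models a legacy verifier that still tolerates v3 but has no v5 support.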



More information about the LibrePGP-discuss mailing list