Reading new key packages (Re: Coexistence with OpenPGP/IETF)

Andrew Gallagher andrewg at andrewg.com
Wed Jan 17 17:54:58 CET 2024


On 17 Jan 2024, at 16:39, Werner Koch <wk at gnupg.org> wrote:
> 
> On Wed, 17 Jan 2024 08:58, Andrew Gallagher said:
> 
>> drop support for v3 sigs in order to safely handle v5 sigs. It is
>> obviously easier to port metadata protection to v6 than to fix the
> 
> In LibrePGP we don't support v6.  Period.

That’s not what it says in draft-koch-librepgp-00 section 5.2.3:

> The body of a V4, V5, and V6 Signature packet contains:
> • One-octet version number. This is 4 for V4 signatures, 5 for V5 signatures, and 6 for V6 signature.

https://datatracker.ietf.org/doc/html/draft-koch-librepgp#section-5.2.3

>> rpm was generating them until last year, and there are thousands of
>> published v4 keys containing v3 sbinds.
> 
> v3 signatures don't have subpackets and thus they can't be used to create
> v4 keys.  v3 keys are anyway deprecated and in GnuPG there is even no
> more support for them.

Encryption subkey sbinds don’t need subpackets (they can’t generate primary key binding sigs), and I recently had to soft-fork go-crypto in order to correctly parse wild v4 keys containing v3 encryption subkey sbinds.

Yes, v3 keys are deprecated but v3 signatures will (unfortunately) be with us for some time yet.

A
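
The v3 and v4 signature packet layouts discussed in this message, as an added example that is not part of the original post and is not go-crypto's code: a minimal Python packet walker, following the RFC 4880 layouts, that counts v3 subkey binding signatures (type 0x18) attached to a v4 key. The function names and the sample bytes are constructed for illustration.

```python
SIG, PUBKEY, SUBKEY_BINDING = 2, 6, 0x18        # packet tags 2 and 6; sig type 0x18

def packets(data):
    """Yield (tag, body) per packet; definite lengths only."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                          # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first >= 224:
                raise ValueError("5-octet/partial lengths not handled here")
            two = first >= 192                  # two-octet length form
            length = ((first - 192) << 8) + data[i + 2] + 192 if two else first
            i += 3 if two else 2
        else:                                   # old-format header
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if n == 8:
                raise ValueError("indeterminate length not handled here")
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def describe_signature(body):
    """Return (version, sig_type, hashed_subpackets or None)."""
    if body[0] == 3 and body[1] == 5:           # v3: fixed fields, no subpacket area
        return 3, body[2], None
    if body[0] == 4:                            # v4: hashed subpacket count at offset 4
        hashed_len = int.from_bytes(body[4:6], "big")
        return 4, body[1], body[6:6 + hashed_len]
    raise ValueError("unhandled or malformed signature packet")

def v3_subkey_bindings(data):
    """Count v3 subkey binding signatures that follow a v4 primary key."""
    key_version, found = None, 0
    for tag, body in packets(data):
        if tag == PUBKEY:
            key_version = body[0]
        elif tag == SIG and key_version == 4:
            found += describe_signature(body)[:2] == (3, SUBKEY_BINDING)
    return found

# Constructed sample (key material, MPIs omitted): v4 key, subkey, v3 sbind, v4 sbind.
KEY = bytes([4, 0, 0, 0, 0, 1])
V3_SBIND = bytes([3, 5, 0x18]) + bytes(12) + bytes([1, 8, 0, 0])
V4_SBIND = bytes([4, 0x18, 1, 8, 0, 0, 0, 0, 0, 0])
SAMPLE = b"\x98\x06" + KEY + b"\xb8\x06" + KEY + b"\x88\x13" + V3_SBIND + b"\xc2\x0a" + V4_SBIND
```

A parser that rejects every version-3 signature packet would fail on the third packet of `SAMPLE`; this walker reports it as a binding with no subpacket area (`None`) instead.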
