Questions about LibrePGP specification

Andrew Gallagher andrewg at andrewg.com
Thu Jun 20 20:21:38 CEST 2024


On 20 Jun 2024, at 18:08, Werner Koch via LibrePGP-discuss <librepgp-discuss at librepgp.org> wrote:
> 
> While doing this I realized
> that the the crypto-refresh at some point dropped the hashing of the
> meta data.  This makes support for v6 signatures questionable because it
> is not explainable why a newer signatures format drops a long awaited
> fix for signatures.  In case this bug does not get fixed in the
> crypto-refresh draft it ill be better to remove all mentioning of v6
> signatures.

I think it would be best to remove v6 from the librepgp draft, to avoid any potential confusion from there being two slightly different specifications of v6 signatures in different documents. The wire formats in RFC9580 are not going to be changed at this late stage in the process.

The librepgp draft defines a subpacket for metadata protection in section 5.2.3.33 that could be extended to v6 signatures if required. But in this scenario there is no need to respecify v6 signatures in the librepgp draft, since a reference to RFC9580 would be sufficient.

A




More information about the LibrePGP-discuss mailing list