ietf-openpgp
[Top] [All Lists]

Re: [openpgp] Bug#931238: hot armor: please drop "Version: " header

2019-07-07 13:31:30
That seems almost like a bottomless pit.  Some thoughts (not meant to be
exhaustive):

For messages:

1. The embedded timestamp and filename in a literal data packet.
2. The block sizes for partial data packets, and when they are used.
3. The signature subpackets used and their order (hashed and unhashed).
4. Possibly the details of the compression.
5. The length of the base64 encoding.
6. Potentially the order of signature packets.
7. The value of any quick check bytes (some implementations set them to
invalid values to discourage checking them).

For keys:

1. Again the signature subpackets used and their order.
2. Potentially the details of the user id.
3. Algorithm and other preferences and flags.
4. The cryptographic parameters of public keys (RSA exponent etc)
5. S2K count.
6. Possibly resolution of any timestamps.

On 7/6/19 3:55 PM, Heiko Stamer wrote:
On 06 July 2019 at 15:39, Clint Adams wrote:

On Fri, Jun 28, 2019 at 05:38:36PM -0400, Daniel Kahn Gillmor wrote:
"hot armor" currently adds a comment line to its enarmored content:

Version: hot 0.21.3

Best practices these days omits indicators of what particular OpenPGP
implementation is in use.   Please do not emit it by default!

Should rfc4880bis deprecate this?

There are many other indicators of a particular OpenPGP implementation
(e.g. DKGPG uses four-octet packet lengths). If a somehow uniform
encoding is desired, then IMO a new section "Privacy Considerations"
should be added to rfc4880bis.

--
Heiko

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp


-- 
Dipl.-Math. Marcus Brinkmann

Lehrstuhl für Netz- und Datensicherheit
Ruhr Universität Bochum
Universitätsstr. 150, Geb. ID 2/461
D-44780 Bochum

Telefon: +49 (0) 234 / 32-25030
http://www.nds.rub.de/chair/people/mbrinkmann

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp