ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: implementing backwards compatibility

1998-04-29 00:48:39
from [Werner Koch] [Permanent Link] 
Adam Back <aba(_at_)dcs(_dot_)ex(_dot_)ac(_dot_)uk> writes:


you to draw the line at this kind of thing.  It seems that pgp-2.6.x
formats were not designed with enough forward compatibility in mind to
allow doing this kind of thing without resorting to overloading


This is true for the implemenations of pgp2.x but not for the
packet format as described in the rfc.  This format is as
extensible as OpenPGP (see algorithm identifiers and reserved values
in the header) although there are some problems with the grammar
of the packet sequence.  There is no reason for a PGP 2 program not
to work with other rfc1991 implementations, it should just print
a warning that that and that algorithm is not supported and 
decryption/verification is not possible.  The new packet formats 
for packet types > 15 are a problem but as long as they are put
at the end of a message, a pgp 2 app should print a warning that 
a newer version is needed (pgp2 does so in some cases).


Werner









comment fields.

In summary IF the openPGP application chooses to implement the MAY
cipher RSA and the MAY cipher IDEA, then you can have backwards
compatibility with pgp-2.6.x.

This doesn't necessarily work with multiple crypto recipients, but we
already have problems with that: when one recipient can only cope with
IDEA because he has a pgp-2.6.x client, and another recipient has
implemented only the MUST options of openPGP you have no overlap in
cipher suite.  (ie using 3DES no longer works because pgp-2.6.x can't
understand it, etc).


As a comment to Hal and Jon, I think that the PGP implementation could
use some improvement in the area of auto-detecting pgp-2.6.x and
reacting accordingly -- I receive messages from people using pgp-5.x
with RSA implemented, and the message is RSA and IDEA encrypted but
has (I think) DSA signatures contained even though the user also has
an RSA key.  (Either that or is inserting a pgp5.x only packet which
otherwise throws pgp-2.6.x).

Adam
-- 
print pack"C*",split/\D+/,`echo "16iII*o\U(_at_){$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: implementing backwards compatibility (Re: Some suggestions), dontspam-tzeruch
Next by Date:  Re: implementing backwards compatibility, Adam Back
Previous by Thread:  Re: implementing backwards compatibility (Re: Some suggestions), dontspam-tzeruch
Next by Thread:  Re: implementing backwards compatibility, Adam Back
Indexes:  [Date] [Thread] [Top] [All Lists]