ietf-openpgp

Some spec nits and other things

1998-05-09 16:33:37
Actually there is one probabilistic implementation nightmare if you have
multiple passphrases.  The only way of testing validity is if the last
pair of bytes are the same as the penultimate pair.  This might happen at
random though rarely.  Technically you must try all passphrases, and if
more than one passes the header test, you need to do both and ask "which
one is right".  The new SKESKs really should also be CRCed, which would
require two very lucky collisions which should be well beyond probability. 

For intra signature packets, it would help if the implementation SHOULD
place the two MUST packets, creation time and keyid, at the beginning of
the hashed area in that order.  This would make the keyid bytes occur at a
fixed location (and the previous two bytes could be used as a check). 
Having to parse through a lot of junk to find the keyid is nasty. 

One final signature packet issue is that I don't know if it says anywhere
that you can't have duplicate or conflicting packets (e.g. two preference
packets, one saying CAST, the second IDEA, the third CAST/IDEA). 
Strictly, it should be obvious for some that they should be unique.  But
as an example, what about a V3 RSA keyid, and a V4 RSA keyid (for the
differing IDs for the same key material)?  I can see this being a valid
usage.

--- reply to tzeruch - at - ceddec - dot - com ---
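
The subpacket walk and the duplicate question raised in the second and third paragraphs of the message, as an added example that is not part of the original post. It assumes the subpacket length encoding, the type numbers (2, 11, 16) and the cipher IDs (IDEA = 1, CAST5 = 3) published in RFC 2440; the function names are hypothetical and the sample bytes are constructed.

```python
import struct
from collections import defaultdict

# Subpacket type numbers as assigned in RFC 2440 (assumed encoding).
SIG_CREATION_TIME, PREFERRED_SYMMETRIC, ISSUER_KEY_ID = 2, 11, 16

def parse_subpackets(area: bytes):
    """Return [(type, critical, body)] from a V4 signature subpacket area."""
    out, i = [], 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # 255, then a four-octet length
            if i + 5 > len(area):
                raise ValueError("truncated length")
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        # The length counts the type octet, so zero is never valid.
        if length == 0 or i + length > len(area):
            raise ValueError("bad subpacket length")
        out.append((area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]))
        i += length
    return out

def issuer_and_conflicts(area: bytes):
    """Return (issuer key IDs in order, types seen with differing bodies)."""
    seen = defaultdict(list)
    for typ, _critical, body in parse_subpackets(area):
        seen[typ].append(body)
    ids = seen.get(ISSUER_KEY_ID, [])
    if any(len(k) != 8 for k in ids):
        raise ValueError("issuer key ID must be 8 octets")
    conflicts = sorted(t for t, bodies in seen.items() if len(set(bodies)) > 1)
    return ids, conflicts

def sub(typ: int, body: bytes) -> bytes:
    """Build one subpacket for the sample (bodies of at most 190 octets)."""
    return bytes([len(body) + 1, typ]) + body

# Constructed sample: the CAST / IDEA / CAST+IDEA case, with the key ID last.
SAMPLE = (sub(PREFERRED_SYMMETRIC, b"\x03") + sub(SIG_CREATION_TIME, struct.pack(">I", 894731617))
          + sub(PREFERRED_SYMMETRIC, b"\x01") + sub(PREFERRED_SYMMETRIC, b"\x03\x01")
          + sub(ISSUER_KEY_ID, bytes.fromhex("0123456789abcdef")))
```

`issuer_and_conflicts(SAMPLE)` has to walk all five subpackets before it reaches the key ID, and it reports type 11 as conflicting; what a verifier does with that report is a policy choice the parser does not make.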

