ietf-openpgp

Re: about MDCs etc (Re: Long Holiday?)

1998-07-14 17:38:45
At 07:57 PM 7/14/98 +0100, Adam Back wrote:
   
   I didn't suggest that MDCs go into 1.0 in the last round.  What I
   suggested was that the following be verified:
   
        that when processing a message containing signatures a 1.0
        implementation MUST continue to emit plaintext (i.e. fail
        gracefully) in the presence of signature algorithms it does
        not recognise.
   
   this readily allows adding MDCs or other signature algorithms in
   version 1.1, and ensures backwards compatibility is possible.
   
Sure, but I don't think we need to add anything. If someone writes an
implementation that (for instance) bus errors when it receives an algorithm
encrypted with AES (which I pick because we all know it's going to go in,
but it isn't there now), then the implementation is clearly broken. 

Signatures are different because there's a meaningful thing to do -- emit
plaintext, and shrug over the sig -- which is a little different than the
crypto, or compression, or whatever. But nonetheless, there are many
failure and partial failure conditions, and an implementation that doesn't
fail gracefully is broken.

This spec isn't a how-to-program manual, it's a format specification. By
necessity it tells you a lot of what to do with the format, but there's a
lot that this document can't tell an implementor.

        Jon

-----
Jon Callas                                  jon(_at_)pgp(_dot_)com
CTO, Total Network Security                 3965 Freedom Circle
Network Associates, Inc.                    Santa Clara, CA 95054
(408) 346-5860                              
Fingerprints: D1EC 3C51 FCB1 67F8 4345 4A04 7DF9 C2E6 F129 27A9 (DSS)
              665B 797F 37D1 C240 53AC 6D87 3A60 4628           (RSA)
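The "emit plaintext and shrug over the sig" behaviour argued over above, as an added example that is not part of this thread or of any OpenPGP implementation. The packet layout (u8 algorithm id, u16 signature length, signature bytes, then the text), the algorithm ids, the HMAC-SHA256 "signature" and the sample key are all constructed for the illustration and are not OpenPGP packet syntax or registry values. It contrasts a reader that dies on an algorithm id it has never seen with one that still delivers the text and reports the signature as unverifiable, which is distinct from reporting it as verified.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

# Toy algorithm registry (assumed for this example, not the OpenPGP registry).
# Only id 1 is implemented by this "version 1.0" reader; id 42 stands in for
# an algorithm (an MDC, a new signature scheme) added by a later version.
ALG_HMAC_SHA256 = 1
ALG_FUTURE = 42


@dataclass
class Result:
    plaintext: bytes
    status: str  # "verified" | "bad_signature" | "unsupported_algorithm"


def sign(plaintext: bytes, alg: int, key: bytes) -> bytes:
    """Build a toy signed message: u8 alg | u16 sig_len | sig | text.
    For ALG_FUTURE the signature is opaque filler, standing in for bytes
    produced by an algorithm this reader does not know how to compute."""
    if alg == ALG_HMAC_SHA256:
        sig = hmac.new(key, plaintext, hashlib.sha256).digest()
    else:
        sig = b"\xaa" * 8
    return struct.pack(">BH", alg, len(sig)) + sig + plaintext


def parse(msg: bytes):
    """Split a message into (alg, sig, text); a truncated message is a
    genuine format error and is rejected rather than guessed at."""
    if len(msg) < 3:
        raise ValueError("truncated header")
    alg, sig_len = struct.unpack(">BH", msg[:3])
    sig = msg[3:3 + sig_len]
    if len(sig) != sig_len:
        raise ValueError("truncated signature")
    return alg, sig, msg[3 + sig_len:]


# Verifiers the 1.0 reader actually implements, keyed by algorithm id.
VERIFIERS = {
    ALG_HMAC_SHA256: lambda sig, text, key: hmac.compare_digest(
        sig, hmac.new(key, text, hashlib.sha256).digest()
    ),
}


def process_brittle(msg: bytes, key: bytes) -> Result:
    """The broken behaviour: an unknown algorithm id takes down the whole
    message (KeyError here, a crash in a less careful language) and the
    plaintext is never emitted."""
    alg, sig, text = parse(msg)
    ok = VERIFIERS[alg](sig, text, key)  # KeyError for ALG_FUTURE
    return Result(text, "verified" if ok else "bad_signature")


def process_graceful(msg: bytes, key: bytes) -> Result:
    """The requested behaviour: always emit the plaintext, and report an
    unrecognised signature algorithm as unverifiable, never as verified."""
    alg, sig, text = parse(msg)
    verifier = VERIFIERS.get(alg)
    if verifier is None:
        return Result(text, "unsupported_algorithm")
    ok = verifier(sig, text, key)
    return Result(text, "verified" if ok else "bad_signature")


if __name__ == "__main__":
    key = b"k" * 32  # constructed sample key
    known = sign(b"hello", ALG_HMAC_SHA256, key)
    future = sign(b"hello", ALG_FUTURE, key)
    print(process_graceful(known, key))   # verified
    print(process_graceful(future, key))  # plaintext delivered, unsupported_algorithm
    try:
        process_brittle(future, key)
    except KeyError as e:
        print("brittle reader failed on algorithm id", e)
```

The point a practitioner should take from the third status value: the "shrug" must be visible to the caller. A reader that maps an unknown algorithm to "verified" is more dangerous than one that crashes, since a forger can then pick any unassigned id and have the signature accepted.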