ietf-openpgp

Re: critical bit (5.2.3.1)

1998-09-30 07:42:27
Werner Koch, <wk(_at_)isil(_dot_)d(_dot_)shuttle(_dot_)de>, writes:
> From section 5.2.3.1:
>
> Bit 7 of the subpacket type is the "critical" bit.  If set, it
> denotes that the subpacket is one that is critical for the evaluator
> of the signature to recognize.  If a subpacket is encountered that
> is marked critical but is unknown to the evaluating software, the
> evaluator SHOULD consider the signature to be in error.
>
> Can we restrict the SHOULD to hashed subpackets?  Otherwise it is
> easy to invalidate a signature by setting the critical bit in an
> unhashed subpacket.

I'm not sure what issue you are concerned with.

If I create a signature and set the critical bit on an unhashed packet,
it means that I want you to understand that packet before you accept
the signature.  So in this case it is my desire that the signature should
be invalidated if you don't understand the packet.

If an attacker tries to make a signature invalid by adding an unhashed
packet with the critical bit set, he could have just as easily modified
some part of the hashed region, or the signature itself.

Hal

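The two positions above are easiest to compare on concrete bytes. The following is an added example (not code from the list, from Werner or from Hal): it parses v4 signature subpacket areas in the RFC 2440/4880 encoding (2-octet area length, then per-subpacket 1/2/5-octet length, type octet with bit 7 as the critical flag, body), applies the critical-bit rule under both readings, and shows that appending a critical subpacket to the unhashed area leaves the hashed input unchanged. The helper names, the set of "known" types, the experimental type 105 and the sample byte strings are all constructed for this example.

```python
import struct

CRITICAL = 0x80                  # bit 7 of the subpacket type octet
KNOWN_TYPES = {2, 3, 16}         # creation time, expiration time, issuer key ID (assumed implementer set)


def read_subpacket_length(buf, pos):
    """Decode the 1-, 2- or 5-octet subpacket length at buf[pos]; return (length, next_pos)."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 255:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5


def parse_subpacket_area(buf):
    """Parse one subpacket area (2-octet count followed by subpackets).
    Returns a list of (type, critical, body). Truncated or empty subpackets are rejected."""
    if len(buf) < 2:
        raise ValueError("missing area length")
    count = struct.unpack(">H", buf[:2])[0]
    area = buf[2:2 + count]
    if len(area) != count:
        raise ValueError("truncated subpacket area")
    out, pos = [], 0
    while pos < len(area):
        length, pos = read_subpacket_length(area, pos)
        if length < 1 or pos + length > len(area):   # need at least the type octet
            raise ValueError("bad subpacket length")
        type_octet = area[pos]
        out.append((type_octet & 0x7F, bool(type_octet & CRITICAL), area[pos + 1:pos + length]))
        pos += length
    return out


def encode_subpacket(sptype, body, critical=False):
    """Encode a short subpacket (1-octet length form only; length covers the type octet)."""
    length = 1 + len(body)
    assert length < 192
    return bytes([length, sptype | (CRITICAL if critical else 0)]) + body


def encode_area(subpackets):
    blob = b"".join(subpackets)
    return struct.pack(">H", len(blob)) + blob


def evaluate(hashed_area, unhashed_area, strict_unhashed=True):
    """Apply the critical-bit rule. strict_unhashed=True follows the draft text as quoted
    (any subpacket); False is the proposed restriction to hashed subpackets only."""
    for t, crit, _ in parse_subpacket_area(hashed_area):
        if crit and t not in KNOWN_TYPES:
            return "error: unknown critical hashed subpacket %d" % t
    for t, crit, _ in parse_subpacket_area(unhashed_area):
        if crit and t not in KNOWN_TYPES and strict_unhashed:
            return "error: unknown critical unhashed subpacket %d" % t
    return "ok"


def hashed_input(hashed_area, sigtype=0x00, pkalg=0x01, hashalg=0x08):
    """Bytes a v4 signature hash covers after the signed data: version, type, pk algo, hash algo,
    the hashed subpacket area, then the 0x04 0xFF trailer with the length of what preceded it.
    The unhashed area never enters this computation."""
    head = bytes([0x04, sigtype, pkalg, hashalg]) + hashed_area
    return head + b"\x04\xff" + struct.pack(">I", len(head))


# Constructed sample: a signature with one hashed subpacket (creation time) and one
# unhashed subpacket (issuer key ID), then the same signature after someone appends an
# unknown experimental subpacket (type 105) with the critical bit set to the unhashed area.
HASHED = encode_area([encode_subpacket(2, b"\x36\x12\x00\x00")])
UNHASHED = encode_area([encode_subpacket(16, bytes(8))])
UNHASHED_TAMPERED = encode_area([encode_subpacket(16, bytes(8)),
                                 encode_subpacket(105, b"\x01", critical=True)])


def demo():
    return {
        "original": evaluate(HASHED, UNHASHED),
        "tampered_draft_rule": evaluate(HASHED, UNHASHED_TAMPERED),
        "tampered_hashed_only": evaluate(HASHED, UNHASHED_TAMPERED, strict_unhashed=False),
        "hash_input_unchanged": hashed_input(HASHED) == hashed_input(HASHED),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Under the draft wording the appended unhashed subpacket makes the verifier reject the signature even though nothing the signer hashed has changed; under the restriction only the hashed area can carry a rejecting critical bit. Either way the parser should refuse a subpacket whose length is 0 or runs past the area, since a malformed length is the more common way an attacker-controlled area causes trouble.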