ietf-openpgp

Re: critical bit (5.2.3.1)

1998-09-30 13:55:26
At 10:38 AM 9/30/98 +0200, Werner Koch wrote:
   
   Can we restrict the SHOULD to hashed subpackets?  Otherwise it is
   easy to invalidate a signature by setting the critical bit in an
   unhashed subpacket.
   
Remember what SHOULD means:

3. SHOULD   This word, or the adjective "RECOMMENDED", mean that there
   may exist valid reasons in particular circumstances to ignore a
   particular item, but the full implications must be understood and
   carefully weighed before choosing a different course.

If you, as a developer, believe that there is greater danger in the
potential denial-of-service attack from critical unhashed subpackets than
there is value from them, you are free to ignore it.

        Jon



-----
Jon Callas                                  jon(_at_)pgp(_dot_)com
CTO, Total Network Security                 3965 Freedom Circle
Network Associates, Inc.                    Santa Clara, CA 95054
(408) 346-5860                              
Fingerprints: D1EC 3C51 FCB1 67F8 4345 4A04 7DF9 C2E6 F129 27A9 (DSS)
              665B 797F 37D1 C240 53AC 6D87 3A60 4628           (RSA)
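
The trade-off discussed in this message, as an added example that is not part of the original post or of any OpenPGP implementation: a verifier-side check that parses both subpacket areas and reports which unknown critical subpackets would cause the signature to be rejected, with and without the restriction to hashed subpackets. The set of known types, the function names and the sample bytes are assumptions made for illustration.

```python
CRITICAL = 0x80  # bit 7 of the subpacket type octet
# Assumption: the types this hypothetical verifier understands
# (2 = signature creation time, 16 = issuer key ID).
KNOWN_TYPES = {2, 16}

def parse_subpackets(area: bytes):
    """Yield (type, critical, body) per subpacket (RFC 4880 sec. 5.2.3.1 framing)."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # five-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("bad subpacket length")
        type_octet = area[i]                 # the length counts this octet
        yield type_octet & 0x7F, bool(type_octet & CRITICAL), area[i + 1:i + length]
        i += length

def unknown_critical(hashed: bytes, unhashed: bytes, hashed_only: bool):
    """List (area, type) for each unknown critical subpacket that rejects the signature.

    hashed_only=True honours the critical bit only in the hashed area, the
    restriction proposed in the quoted question.
    """
    areas = [("hashed", hashed)]
    if not hashed_only:
        areas.append(("unhashed", unhashed))
    return [(name, t) for name, area in areas
            for t, crit, _ in parse_subpackets(area)
            if crit and t not in KNOWN_TYPES]

# Constructed sample data, not taken from a real signature.
HASHED = bytes([5, 2]) + (907163726).to_bytes(4, "big")  # creation time
UNHASHED = bytes([9, 16]) + bytes(8)                       # issuer key ID
# The same unhashed area after someone appends an unknown subpacket
# (type 100) with the critical bit set; the signed data is untouched.
TAMPERED = UNHASHED + bytes([2, CRITICAL | 100, 0])
```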
