In <v04205504b3a8704d9f84(_at_)[199(_dot_)106(_dot_)106(_dot_)131]>, on
07/07/99
at 12:07 PM, "John W. Noerenberg" <jwn2(_at_)qualcomm(_dot_)com> said:
At 2:11 PM -0700 6/19/99, Jon Callas wrote:
Bill, the only difference between a V4 sig and a V5 sig is changing the
length field. The only place that really needs these is standalone
signatures, (and arguably not even them -- you are after all making that
very argument).
Well, you have to identify the signature type, too. However the changes
sound minimal.
How many implementors are interested in supporting this? What bad thing
happens when an implementation meets a v5 packet it doesn't know how to
swallow? Will implementations be able to skip over them?
I don't know what other developers are doing but IMHO no program should
crash because of input data. It is a design failure if they do. Then again
in this day and age where program quality takes a back seat to marketing
it is an all too common problem. :(
--
---------------------------------------------------------------
William H. Geiger III http://www.openpgp.net
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii
Hi Jeff!! :)
---------------------------------------------------------------