At 10:22 AM 30/10/2000 -0800, hal(_at_)finney(_dot_)org wrote:
Erron writes:
> We have been reading a public key-ring and have noticed that the CTB for
> the user id is:
>
> 10110101 that says:
>
> 10: Version 3 header
> 1101: User ID packet
> 01: 2 octet length
>
> Now when I read the "File Formats Used by PGP 2.x", it says (under the
User
> ID packet) that a User ID packet has a length of 1 octet.
If the CTB says there is a two byte length, there better be a two byte
length. It doesn't matter what "File Formats used by PGP 2.x" says,
after all, this CTB may not have been created by PGP 2.x.
not in this case.
Was there in fact a two byte length in this userid packet?
no.
I.e. did the next two bytes look like a reasonable length field? If
so, just use them.
If not, then it's a bad keyring.
The version 3 CTB's last 2 bits were 01, indicating a two byte length
field, however there was only one length byte (this worked in with the
length of the User ID field (39 octets)).
Has anyone else any comments on this?
This key-ring that was extracted is from any one of the key-servers located at:
http://math-www.uni-paderborn.de/pgp/ or:
http://www.rediris.es/cert/index.en.html or:
http://keys.pgp.com:11371/ (the NAI server!)
using the keyword of:
0xFC4CC190
As many PGP key-servers contain this key-ring with a 2 byte length
identifier in the CTB (see http://www.openpgp.net/pgpsrv.html) and a 1 byte
length identifier for the actual User ID packet, what should we do? Should
we accept it or have all the keyservers change their software so they check
each transferred key-ring for mistakes like these? The latter seems a very
large task.
Or is it easier to assume a 1 octet length indentifier for the User ID?
Regards
Erron Criddle
Comasp Ltd.
Level 2, 45 Stirling Hwy
NEDLANDS WA 6009
Australia
Fax: +61 8 9386 9473
Tel: + 61 8 9386 9534
http://www.comasp.com
ejc(_at_)comasp(_dot_)com