From the current draft:
| 3.2. Multi-Precision Integers
| The length field of an MPI describes the length starting from its
| most significant non-zero bit. Thus, the MPI [00 02 01] is not
| formed correctly. It should be [00 01 01].
I think it's worthwhile to point out that MPIs with an arbitrary
number of leading zeroes might legitimately occur inside V3 secret key
packets. Perhaps it's even necessary to amend section 5.5.3 to
clarify this issue (i.e. that leading zeroes MUST NOT be stripped in
this case).
Well, maybe it's a good idea to stress already in section 3.2 that
implementations must be able to handle overlong MPI values
transparently.
(As you might guess, there's at least one implementations which gets
this wrong. ;-)
--
Florian Weimer
Florian(_dot_)Weimer(_at_)RUS(_dot_)Uni-Stuttgart(_dot_)DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898