[Top] [All Lists]

Re: Preparing a new draft...

2001-08-23 07:25:11


On the subject of MDC packets, I'd like to note a peculiarity
in the GnuPG implementation, and ask whether others consider
it reasonable, in accordance with the specification.

Here (my perception of) the structure of a integrity-protected
packet sequence:

    SEIP-data packet {
            MDC packet { SHA-1 hash }

The discussion of the SEIP-data packet doesn't say so explicitly,
but the <plaintext> would be an "OpenPGP message" in the
packet sequence grammar.  Is that required, or simply
a convention?

GnuPG encodes the <plaintext> using an old-style indeterminate
length packet.  This requires a parser to carve off the
MDC packet *from the end* in order to properly bound the
interpretation of that packet.  I can think of at least two
approaches to doing so, but neither is very satisfying:

    Use the bounds provided by the outer packet to limit the
    size of the <plaintext> region.  In a recursive filter-style
    parser, this is unnatural -- rather than consuming a generic
    input stream, the parser must also be given the bounds of
    that stream (and that bound must be carried through any
    layers that might reach another parsing step).  Moreover,
    there is no requirement that the outer packet be bounded;
    it could very reasonably use an old-style indeterminate or
    new-style partial-body encoding itself.

    Maintain a 22-byte lookahead buffer.  If the outer packet
    has indeterminate (*or partial-body*) length, and the
    <plaintext> has indeterminate length, this seems to be the
    only viable option.  (If the <plaintext> could be something
    other than a "OpenPGP message", then it is effectively
    indeterminate.  Partial-body encodings present no problem.)

So, my questions are:

    Is the <plaintext> *required* to be an "OpenPGP message"?

    Are indeterminate packets legal inside other indeterminate
    packets?  If not, are they legal inside strictly bounded

Thanks in advance for your thoughts.

Version: PGP Personal Privacy 6.5.3


<Prev in Thread] Current Thread [Next in Thread>