ietf-openpgp

Re: Valid OpenPGP keys without self-signature?

2003-12-22 10:02:24

aboietf(_at_)redtenbacher(_dot_)de wrote:

As I either have to find a solution to this interoperability problem
or have to prove to the company that their setup is insecure, I would
be very happy about any answers to the above questions.

Wolfgang,

I'm afraid you are on the pointy end of a sharp stick.

You are right that it is not strictly illegal, but as
Lutz says, it will become illegal at some hopefully near
stage. To all intents and purposes, it is already illegal
structure, de facto, and you can expect no current or
future OpenPGP product to accept it.

The reason for this is complexity:  OpenPGP's key structure
is a bit of a mess.  There is way too much freedom, in all
the options and subpackets and arrays of packets and what
have you.

At a data level, this is fine, wonderful, uplifting, even.

But at the level of security coding, this is a nightmare.
In practice, in a secure program, every little exception
adds to every other little exception to create the
potential for a security failure.  Either we have to as
a community deal with the interrelated exceptions - all
of them, in every body of code - or we have to remove
the exceptions.

The latter course is compelling, and in this particular
case, the group debated the self-signed issue a year or
so back, and came to the conclusion to deprecate
un-self-signed keys.

For your company - it is a matter of explaining that
they are technically secure, but they will not
interoperate.  Their keys have been "declared unsafe".

That doesn't mean it is insecure.  Consider it like
taking the Mercedes in for the registration check and
being told the brake lines need to be replaced.  You
know the lines are good for another 5 years, but once
the standard is in place, that's it.  Out they go.

If they don't want to interoperate, then that's fine.
But, if they want to interoperate, they have to do it
on both the basis of security *and* the standard.

iang

PS: it would seem that a much bigger problem for them,
if they *do* want to interoperate, is that they want to
move over to V4 keys at some stage.  So maybe the way
to approach this is to leave the V3 keys in place, and
start issuing V4 keys in the future?
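
A structural check for the condition discussed in this thread, as an added example that is not part of the original message or of any OpenPGP product: it walks a V3 key and lists the user IDs that carry no certification naming the primary key as issuer. It assumes old-format packet headers, a V3 RSA key and V3 signature packets, verifies no signature cryptographically, and all function names and sample bytes are constructed for illustration.

```python
def packets(data):
    """Yield (tag, body) per packet; old-format headers with definite lengths only."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if (hdr & 0xC0) != 0x80 or (hdr & 3) == 3:
            raise ValueError("packet header form not handled")
        size = 1 << (hdr & 3)                       # 1, 2 or 4 length octets
        n = int.from_bytes(data[i + 1:i + 1 + size], "big")
        i += 1 + size
        yield (hdr >> 2) & 0x0F, data[i:i + n]
        i += n

def v3_key_id(body):
    """Key ID of a V3 RSA key: the low 64 bits of the modulus n."""
    if body[0] != 3:
        raise ValueError("not a V3 key packet")
    bits = int.from_bytes(body[8:10], "big")        # MPI bit count of n
    return body[10:10 + (bits + 7) // 8][-8:]

def uids_without_self_sig(key):
    """User IDs that carry no certification naming the primary key as issuer."""
    primary, uid, ok = None, None, {}
    for tag, body in packets(key):
        if tag == 6:                                # public key packet
            primary = v3_key_id(body)
        elif tag == 13:                             # user ID packet
            uid = body.decode("utf-8", "replace")
            ok.setdefault(uid, False)
        elif tag == 2 and uid is not None:          # signature on that user ID
            if body[0] != 3:
                raise ValueError("only V3 signature packets are handled")
            # V3 layout: version, 5, type, time(4), issuer key ID(8), ...
            ok[uid] |= 0x10 <= body[2] <= 0x13 and body[7:15] == primary
    return [u for u, good in ok.items() if not good]

# Constructed sample: dummy key material and signature bytes, not a real key.
def pkt(tag, body):
    return bytes([0x80 | (tag << 2), len(body)]) + body   # old format, 1-octet length

N = bytes.fromhex("c1a2b3c4d5e6f701")               # toy 64-bit "modulus"
KEY = b"\x03" + bytes(6) + b"\x01\x00\x40" + N + b"\x00\x11\x01\x00\x01"
def sig(issuer):                                    # V3 certification (type 0x10)
    return b"\x03\x05\x10" + bytes(4) + issuer + b"\x01\x01\x00\x00\x00\x08\xff"
SAMPLE = (pkt(6, KEY) + pkt(13, b"alice@example.org") + pkt(2, sig(N))
          + pkt(13, b"bob@example.org") + pkt(2, sig(bytes(8))))

if __name__ == "__main__":
    print(uids_without_self_sig(SAMPLE))
```

A user ID reported here has no self-signature at the packet level; a user ID not reported still needs its signature verified before the binding can be trusted.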