ietf-openpgp
[Top] [All Lists]

[ISSUE] V2 PKESK advice is not correct

2005-01-22 07:50:59

In section 14 of bis-12, one of the "Implementation Nits", after
mentioning that V2 and V3 keys are identical except for the version
number, adds:

  Similarly, these versions generated V2 PKESK packets (Tag 1). An
  implementation may accept or reject V2 PKESK packets as it sees fit,
  and MUST NOT generate them.

While the V2 and V3 Public Key Packets are indeed identical except for
the version number, this is not true for the V2 and V3 PKESK packets.
Somewhere in the PGP 2.3 timeframe, the encoding of the session key
was changed, but the PKESK version number was not changed.  Thus there
are pre-2.3 V2 PKESK packets that are not identical to post-2.3 V2
PKESK packets.

Rather than documenting all that in 2440bis and giving the different
encodings, and since V2 packets are well beyond deprecated at this
point, I suggest just dropping the whole sentence beginning
"Similarly, these versions generated V2...."

David


<Prev in Thread] Current Thread [Next in Thread>
  • [ISSUE] V2 PKESK advice is not correct, David Shaw <=