On Wed, Dec 28, 2005 at 10:07:35AM +0100, Daniel A. Nagy wrote:
There's another issue I would like to see cleared up. Right now, I think the
private key format is overspecified. This is especially important, since the
format in the specification has known weaknesses.
I think, it should be ultimately up to each implementation how they store
private keys and it does not affect interoperability. It should be made
clear that private key packets are intended only as an export-import format
and that additional security measures (such as enclosing the whole thing
inside an integrity-protected encrypted packet) are recommended, when
transfering private keys.
Section 3.6 (Keyrings) says:
A keyring is a collection of one or more keys in a file or database.
Traditionally, a keyring is simply a sequential list of keys, but
may be any suitable database. It is beyond the scope of this
standard to discuss the details of keyrings or other databases.
Doesn't that pretty much say what needs to be said? It makes it clear
the standard isn't getting involved in local storage questions.
I don't know about recommending further protection on top of the
current secret key transport format. It strikes me as something
individual implementations can decide on. The standard doesn't forbid
it.
What weakness in the private key format are you referring to?
David