I forgot to reply-all
Jon
Begin forwarded message:
From: Jon Callas <jon(_at_)callas(_dot_)org>
Date: 8 May 2006 2:40:03 PM PDT
To: Hal Finney <hal(_at_)finney(_dot_)org>
Subject: Re: Mistake in section 5.3, also in RFC2440
On 25 Apr 2006, at 7:28 PM, Hal Finney wrote:
I noticed that the language in section 5.3 on Symmetric-Key Encrypted
Session Key packets is not right:
5.3. Symmetric-Key Encrypted Session Key Packets (Tag 3)
The Symmetric-Key Encrypted Session Key packet holds the
symmetric-key encryption of a session key used to encrypt a
message.
Zero or more Encrypted Session Key packets and/or Symmetric-Key
Encrypted Session Key packets may precede a Symmetrically Encrypted
Data Packet that holds an encrypted message.
The second sentence should begin "Zero or more Public-Key Encrypted
Session Key packets and/or Symmetric-Key Encrypted Session Key
Packets..."
It left off "Public-Key" and just refers to "Encrypted Session Key
packets" which is not a packet type. In particular, referring to
"Encrypted Session Key packets and/or Symmetric-Key Encrypted Session
Key Packets" is incoherent.
The language in 5.1, for comparison:
5.1. Public-Key Encrypted Session Key Packets (Tag 1)
A Public-Key Encrypted Session Key packet holds the session key used
to encrypt a message. Zero or more Encrypted Session Key packets
(either Public-Key or Symmetric-Key) may precede a Symmetrically
Encrypted Data Packet, which holds an encrypted message.
This is not ideal in terms of the packet names; you have to mentally
move the prefixes listed in the parenthesis up and put them in front of
Encrypted Session Key. But given that slight lapse in clarity, it is
basically correct, and is not as bad as 5.3.
All this language is unchanged since RFC2440.
I do think we should fix at least 5.3, because the present wording is
meaningless and confusing. If we do that I'd suggest changing the 2nd
sentence of 5.1 to match that of 5.3.
Hal Finney
Done.
Jon
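
Added example, not part of the original e-mail or of the draft: a minimal packet-header walker that checks the rule both quoted sections describe, namely zero or more Public-Key (Tag 1) and/or Symmetric-Key (Tag 3) Encrypted Session Key packets preceding the encrypted data packet. Tags 9 and 18 for the data packet come from the OpenPGP specification rather than from this thread, and the sample bytes are constructed with dummy bodies.

```python
# Added example. Tags 1 and 3 are from the quoted sections; tags 9 and 18
# (encrypted data packets) are taken from the OpenPGP spec, not this e-mail.
ESK_TAGS = {1: "Public-Key Encrypted Session Key",
            3: "Symmetric-Key Encrypted Session Key"}
DATA_TAGS = {9, 18}

def packets(data):
    """Yield (tag, body) for each packet in a binary OpenPGP message."""
    i = 0
    while i < len(data):
        first, i = data[i], i + 1
        if not first & 0x80:
            raise ValueError("bit 7 of a packet header must be set")
        if first & 0x40:                       # new-format header
            tag = first & 0x3F
            o1 = data[i]
            if o1 < 192:                       # one-octet length
                length, i = o1, i + 1
            elif o1 < 224:                     # two-octet length
                length, i = ((o1 - 192) << 8) + data[i + 1] + 192, i + 2
            elif o1 == 255:                    # five-octet length
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body lengths not handled here")
        else:                                  # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:                     # indeterminate: rest of input
                length = len(data) - i
            else:
                n = 1 << ltype                 # 1, 2 or 4 length octets
                length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def esk_prefix(data):
    """Return names of the ESK packets preceding the encrypted data packet."""
    names = []
    for tag, _ in packets(data):
        if tag in DATA_TAGS:
            return names                       # zero or more ESKs is valid
        if tag not in ESK_TAGS:
            raise ValueError(f"unexpected packet tag {tag} before data")
        names.append(ESK_TAGS[tag])
    raise ValueError("no Symmetrically Encrypted Data packet found")

# Constructed sample: Tag 3 (new format), Tag 1 (old format), then Tag 9.
SAMPLE = bytes([0xC3, 2, 0, 0, 0x84, 1, 0, 0xA4, 3, 1, 2, 3])
```

`esk_prefix(SAMPLE)` lists the two session key packets in order, and a message with no session key packets at all returns an empty list, which is the "zero or more" case.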