[Top] [All Lists]

Re: algorithm IDs

2008-06-20 05:04:12

On Fri, 20 Jun 2008 12:48, rabbi(_at_)abditum(_dot_)com said:

Actually, my concern has to do with the fact that OIDs are of arbitrary
length. X.509 got it wrong; we might too.

How can you get this wrong?  You compare the length byte and the the
data.  That is trivial.  Some folks might be tempted to use a BER parser
but is overkill and a bad practise.

We have far more complicated encoding schemes in OpenPGP packets than a
length byte and some opaque data bytes as I suggest to use for the OID.

I agree that's a problem, but isn't the solution "upgrade the client that
can't handle the larger keys?"

Sure, it is just a practical problem.  The users need to ge a new
version of the software.  For GNU/Linux that may take half a year and
the willingness to update to something new.



Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.