[Top] [All Lists]

Re: [openpgp] "OpenPGP Simple"

2015-03-17 02:00:52

On Mar 16, 2015, at 7:10 PM, Peter Gutmann 
<pgut001(_at_)cs(_dot_)auckland(_dot_)ac(_dot_)nz> wrote:

The whole bizarro sort-of-fixed-point encoding of lengths is a pain (this is a
cue for Jon to do his "every bit is sacred" dance).  If the format is revised,
there should be only two lengths, a 16-bit one for almost everything (keyring
data, signatures, etc), and a 32-bit one for payloads and partial lengths that
are going to exceed 16-bit lengths.  

Okay... NOOOOOOOOO!!!!! For the love of God, Montressor, only *one* type of 
length. You’re spending more space in the parsing code and sooner or later, 
someone’s going to screw it up and there will be a stupid ass security problem 
that could have been solved by just spending the two damned extra bytes.

While I'm venting, shall I get started on the MDC kludge?

Sure. Go right ahead.

But when you do, take into account that MDC pre-dates HMAC and at the time, one 
of the major objections was a "why would you want to have symmetric crypto 
protection when you could just sign it" whine, and the other was excessive 
worry about single-pass processing that got so irrational we couldn’t work 
through it.

Standards are compromises, and a good compromise leaves everyone a bit grumpy. 
Since those days, I’ve developed an affection for MDC because it sits in a 
nether world where related concepts like deniable encryption that also sound 
good until you think about them for long enough. And it doesn’t hurt anything, 
because if you really want it protected, just sign the darned thing.

But please, please, go right ahead.

openpgp mailing list

<Prev in Thread] Current Thread [Next in Thread>