Re: [openpgp] "OpenPGP Simple"

2015-03-23 15:14:54
On 22/03/2015 14:56 pm, Phillip Hallam-Baker wrote:

People keep telling me that canonicalization is necessary for
security. In 25 years I have never once heard someone give a use case
where it did.

It was *very* important when people were cut & pasting PGP-signed emails around (and the contracts I alluded to earlier) but this all disappeared when more sophisticated techniques turned up which included MIME and also PGP encryption itself.

The last time I had a canonicalisation nightmare was in about 1997, sitting in a tent hand-crufting bits of a PGP book back together. With a bunch of Americans giggling in the background to accentuate our pain.

That amusing memory aside, I think yes, canonicalisation has kind of shifted down in priorities and would be a contender for Occam's razor.

Of course, the real author of ASN.1 becomes clear when you know it is
his name backwards.

lol...  "the one"


