On Wed 2015-04-15 17:08:45 -0400, Jon Callas wrote:
On Apr 15, 2015, at 11:28 AM, Wyllys Ingersoll <wyllys(_at_)gmail(_dot_)com>
wrote:
Can someone explain the reasoning behind deprecating compression ?
Im neutral on the idea, just trying to understand the benefits of
getting rid of it beyond simplifying the processing of the packets.
Yes. That is the reason.
Someone could wave their hand at you and give a security reason, but
it's just a handwave. The reality is that it is *better* to have a
simpler processing path than smaller messages.
Simplicity is key, for sure, because bugs can hide more easily in
complexity. And some of those bugs are security issues.
The additional expressivity itself (complexity aside) can also present a
security concern, because the data structures can take on new and
surprising forms:
http://mumble.net/~campbell/misc/pgp-quine/
--dkg
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp