ietf-openpgp

Re: [openpgp] Fingerprints

2015-04-17 12:15:00
On 16/04/2015 16:39 pm, Derek Atkins wrote:
> Christoph Anton Mitterer <calestyo(_at_)scientia(_dot_)net> writes:
>
>> On Wed, 2015-04-15 at 16:21 -0400, David Shaw wrote:
>>> Using a string is fine, but even with numbers, there is no rule that
>>> the number has to be a single byte.  After enough years and algorithms
>>> added, it could be "100000:ABCDEF0123..."
>> But numbers would make problems if we're using the binary representation
>> of the fingerprint (i.e. not the ASCII/UTF8 version of it).
>> How should one know where the algo type ends, 0x0 can't be used since it
>> may be part of the number.
>> So it can only be done if the algo type is defined to be a (null
>> terminated) string.
>
> It's easy -- all algorithms are currently defined to be <= 127.  If we
> need more than that we can use base-128 encoding.  I.e., the number is
> self-length-encoded in a way that you always know when the number ends.
>
> The benefit of using a number instead of a string is that in the vast
> majority (probably 99.999%) of use cases we'll be within the 127-value
> limitation so we can encode it in exactly one byte.  A string will
> always require at least two bytes, and that only gives you ~52 options.


I'd rather use numbers than strings because a number is typically far more controlled, which is important in a security context. With strings, there's always room for manoeuvre. Leaving that room in means people will abuse it.

In a sense, it's almost a signal - a number means it has to be exact & checked. A string means it's up to the application to display and some higher layer to figure out and interpret. All waste, all opportunity for trouble.



iang
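
The self-length-encoded base-128 algorithm prefix discussed in this message, as an added example that is not part of the original thread or of any OpenPGP specification. The byte layout (big-endian 7-bit groups, high bit set on every byte except the last), the 4-byte cap and all function names are assumptions; the thread does not fix a wire format.

```python
"""Added example: algorithm id as a self-delimiting base-128 prefix
on a binary fingerprint. Layout and names are assumptions."""


def encode_algo(algo: int) -> bytes:
    """7 value bits per byte; high bit means 'more bytes follow'."""
    if algo < 0:
        raise ValueError("algorithm id must be non-negative")
    groups = [algo & 0x7F]              # last byte: high bit clear
    algo >>= 7
    while algo:
        groups.append((algo & 0x7F) | 0x80)
        algo >>= 7
    return bytes(reversed(groups))


def decode_algo(buf: bytes, max_len: int = 4) -> tuple:
    """Return (algo, bytes_consumed).

    Exactly one encoding per number is accepted: a leading zero group
    (0x80) is rejected, as are truncated and over-long prefixes.
    """
    if buf[:1] == b"\x80":
        raise ValueError("non-minimal encoding")
    value = 0
    for i, byte in enumerate(buf[:max_len]):
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:             # high bit clear: number ends here
            return value, i + 1
    raise ValueError("truncated or over-long algorithm id")


def tag_fingerprint(algo: int, digest: bytes) -> bytes:
    return encode_algo(algo) + digest


def split_fingerprint(blob: bytes) -> tuple:
    algo, used = decode_algo(blob)
    return algo, blob[used:]


if __name__ == "__main__":
    # Constructed digest that starts with 0x00 bytes on purpose.
    digest = bytes.fromhex("0000ab00cd") + bytes(range(15))
    for algo in (8, 127, 128, 100000):
        blob = tag_fingerprint(algo, digest)
        print(algo, encode_algo(algo).hex(), split_fingerprint(blob) == (algo, digest))
```

Ids up to 127 take one byte, 128 encodes as 81 00, and a digest containing 0x00 bytes still splits cleanly because the end of the number is marked by the high bit, not by a terminator.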
