Re: [openpgp] Overhauling User IDs / Standardizing User Attributes (was:

On 7/1/18 at 5:10 PM, joncallas(_at_)icloud(_dot_)com (Jon Callas) wrote:

On the other hand I like the "hand wavy" approach to User IDs, I think it's 
underutilized :-)
Sure, but it means that you are using a generic text field inways that are hard to parse. Why not define it?

And needing to parse hard to parse fields is a well knownsecurity problem because the resulting bugs are often exploitable.


Cheers - Bill

--------------------------------------------------------------
Bill Frantz        | There are now so many exceptions to the
408-356-8506       | Fourth Amendment that it operates only by
www.pwpconsult.com | accident.  -  William Hugh Murray

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

Re: [openpgp] Overhauling User IDs / Standardizing User Attributes (was: Re: Scoped trust (signatures)), Jon Callas

Next by Date:

Re: [openpgp] AEAD mode unverified chunks, Peter Gutmann

Previous by Thread:

Re: [openpgp] Overhauling User IDs / Standardizing User Attributes (was: Re: Scoped trust (signatures)), Jon Callas

Next by Thread:

Re: [openpgp] Overhauling User IDs / Standardizing User Attributes (was: Re: Scoped trust (signatures)), Wiktor Kwapisiewicz

Indexes:

[Date] [Thread] [Top] [All Lists]