- For backwards compatibility, compliant implementations MAY
decompress compressed data packets.
I would also change this to SHOULD, because IMHO backwards compatibility
is important and there are decades of compressed data out there.
With v4 keys, yes. But not with v5 keys. We could say MUST NOT compress when
encrypting to v5 keys, or perhaps backport this a bit if we say MUST NOT
compress with AEAD. Either will be a clear cut.
I would lessen this a tiny bit and say SHOULD NOT. I can still imagine
cases where one MAY want to emit a compressed data packet, especially if
the sender and receiver have some out-of-band knowledge.
Keep in mind anything we keep as a SHOULD will definitely have to be supported
by implementations forever on the receiving side. It would be nice if future
implementations were able to also drop that attack surface altogether, together
with v4 key or non-AE encryption support.
- V
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp