On 3/18/19 at 6:50 AM, neal(_at_)walfield(_dot_)org (Neal H. Walfield) wrote:
If
an application wants to protect itself against truncation attacks,
then it can buffer the output, or the openpgp implementation can have
a flag.
When processing streamed messages, you have already bought into
the idea that you may be processing early data in the message
before the later data has even been sent.
To protect against truncation attacks you can borrow an idea
from the database people and not commit your changes until you
have a complete message.
Cheers - Bill
------------------------------------------------------------------------
Bill Frantz |"Insofar as the propositions of mathematics
refer to
408-356-8506 | reality, they are not certain; and insofar
they are
www.pwpconsult.com | certain, they do not refer to reality.”
-- Einstein
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp