This is another issue about the different semantics of communications security
and storage security.
Consider the case of someone who archives files and encrypts them with OpenPGP.
Handwaving a bit, let’s just say it’s a .tar.gz.pgp of some source tree. Now
consider that there’s a media failure and that failure affects one byte.
If that was encrypted using the new AEAD encrypted data, we have nominally
discussed that there should not be a release of the data. Yet I need it;
there’s no other copy (or there *are* copies, but the copies are of the same
damaged file).
The owner of that file needs to get as much of it back as possible. Thus, there
needs to be an option to ignore the AEAD error and just give the plaintext. If
the specification says MUST NOT, then this is an issue. We need an escape hatch. I
can think of a number of ways to do it, for example it could say something like
“MUST NOT by default...”
Nonetheless, we need one so that people can pry open a damaged file.
Jon
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
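The situation Jon describes, as an added example that is not part of the post and not code from any OpenPGP implementation. It models a simplified chunked AEAD archive (per-chunk AES-128-GCM, chunk index bound as AAD and mixed into the nonce; an analog of the OpenPGP AEAD packet, not its real wire format), corrupts one ciphertext byte, and contrasts the strict decryptor, which releases nothing, with an escape-hatch decryptor that still runs the authentication check but on failure recovers the damaged chunk through raw AES-CTR using GCM's counter layout and reports which chunks failed. The key, base nonce, chunk size and file contents are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	chunkSize = 32 // constructed: tiny chunks so the demo fits in two of them
	nonceSize = 12 // standard 96-bit GCM nonce
	tagSize   = 16 // GCM tag length
)

var ErrCorruptChunk = errors.New("aead: authentication failed")

// chunkNonce derives a per-chunk nonce by XORing the big-endian chunk index
// into the low 8 bytes of the base nonce, so no (key, nonce) pair repeats.
func chunkNonce(base []byte, idx uint64) []byte {
	n := make([]byte, nonceSize)
	copy(n, base)
	var ib [8]byte
	binary.BigEndian.PutUint64(ib[:], idx)
	for i := range ib {
		n[nonceSize-8+i] ^= ib[i]
	}
	return n
}

// chunkAAD binds the chunk index as associated data so chunks cannot be
// silently reordered or dropped without failing authentication.
func chunkAAD(idx uint64) []byte {
	var a [8]byte
	binary.BigEndian.PutUint64(a[:], idx)
	return a[:]
}

func newGCM(key []byte) (cipher.Block, cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	gcm, err := cipher.NewGCM(block)
	return block, gcm, err
}

// SealChunks splits plaintext into chunkSize pieces and AEAD-seals each one.
func SealChunks(key, baseNonce, plaintext []byte) ([][]byte, error) {
	_, gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	var chunks [][]byte
	for i := 0; i*chunkSize < len(plaintext); i++ {
		end := (i + 1) * chunkSize
		if end > len(plaintext) {
			end = len(plaintext)
		}
		idx := uint64(i)
		chunks = append(chunks, gcm.Seal(nil, chunkNonce(baseNonce, idx), plaintext[i*chunkSize:end], chunkAAD(idx)))
	}
	return chunks, nil
}

// OpenChunks is the strict decryptor: if any chunk fails authentication it
// returns no plaintext at all (the communications-security semantics).
func OpenChunks(key, baseNonce []byte, chunks [][]byte) ([]byte, error) {
	_, gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	var out []byte
	for i, ct := range chunks {
		idx := uint64(i)
		pt, err := gcm.Open(nil, chunkNonce(baseNonce, idx), ct, chunkAAD(idx))
		if err != nil {
			return nil, fmt.Errorf("chunk %d: %w", i, ErrCorruptChunk)
		}
		out = append(out, pt...)
	}
	return out, nil
}

// ForceOpenChunks is the escape hatch. Every chunk is still authenticated; a
// chunk that fails is decrypted anyway with raw AES-CTR using GCM's counter
// layout (nonce || 32-bit counter starting at 2) and its index is reported.
// Intended only for prying open a damaged archive, never for protocol data.
func ForceOpenChunks(key, baseNonce []byte, chunks [][]byte) ([]byte, []int, error) {
	block, gcm, err := newGCM(key)
	if err != nil {
		return nil, nil, err
	}
	var out []byte
	var bad []int
	for i, ct := range chunks {
		idx := uint64(i)
		nonce := chunkNonce(baseNonce, idx)
		if pt, err := gcm.Open(nil, nonce, ct, chunkAAD(idx)); err == nil {
			out = append(out, pt...)
			continue
		}
		if len(ct) < tagSize {
			return nil, nil, fmt.Errorf("chunk %d: truncated", i)
		}
		bad = append(bad, i)
		iv := append(append([]byte{}, nonce...), 0, 0, 0, 2) // GCM's first data counter block
		body := ct[:len(ct)-tagSize]
		pt := make([]byte, len(body))
		cipher.NewCTR(block, iv).XORKeyStream(pt, body)
		out = append(out, pt...)
	}
	return out, bad, nil
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 16)       // constructed demo key
	baseNonce := bytes.Repeat([]byte{0x07}, 12) // constructed; must be fresh per message
	archive := []byte("./src/main.c\n./src/util.c\n./Makefile\n./README\n./LICENSE\n")
	chunks, _ := SealChunks(key, baseNonce, archive)
	chunks[1][5] ^= 0x80 // simulate a one-byte media failure inside chunk 1
	if _, err := OpenChunks(key, baseNonce, chunks); err != nil {
		fmt.Println("strict:", err)
	}
	pt, bad, _ := ForceOpenChunks(key, baseNonce, chunks)
	fmt.Printf("forced: bad chunks %v, recovered %q\n", bad, pt)
}
```

With GCM (and EAX), which are counter-mode constructions, one damaged ciphertext byte maps to exactly one wrong plaintext byte, so the forced path returns everything except that byte, together with the list of chunks whose tags failed so the caller knows which region not to trust. With OCB, the mandatory mode in current OpenPGP, a damaged byte garbles the whole 16-byte block it sits in, so "as much as possible" is a block, not a byte, less. The forced path must never be the default: on a protocol path, releasing unauthenticated plaintext is exactly the oracle AEAD exists to prevent.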