At Tue, 2 Apr 2019 14:07:24 -0700,
Jon Callas wrote:
This is another issue about the different semantics of communications
security and storage security.
Consider the case of someone who archives files and encrypts them with
OpenPGP. Handwaving a bit, let’s just say it’s a .tar.gz.pgp of some source
tree. Now consider that there’s a media failure and that failure affects one
byte.
If that was encrypted using the new AEAD encrypted data, we have nominally
discussed that there should not be a release of the data. Yet I need it;
there’s no other copy (or there *are* copies, but the copies are of the same
damaged file).
The owner of that file needs to get as much of it back as possible. Thus,
there needs to be an option to ignore the AEAD error and just give the
plaintext. If the specification says MUST NOT, then this is an issue. We need an
escape hatch. I can think of a number of ways to do it, for example it could
say something like “MUST NOT by default...”
Nonetheless, we need one so that people can pry open a damaged file.
I agree that we should have an option like this, and that it should
require explicit opt-in by the user of the library / tool.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp