ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] Bug#931238: hot armor: please drop "Version: " header

2019-07-07 20:42:32
from [Peter Gutmann] [Permanent Link] 
Marcus Brinkmann 
<marcus.brinkmann=40rub(_dot_)de(_at_)dmarc(_dot_)ietf(_dot_)org> writes:


That seems almost like a bottomless pit.  Some thoughts (not meant to be
exhaustive):


Thanks, saved me typing all that.  If it's going to be done as an RFC, it
needs to come with a warning that at best any countermeasures are going to
stop simple-minded fingerprinting, but not anything very advanced.

Also if it's going to be done as an RFC then it should state what threat all
this will be defending against.  "An attacker knowing that you're running out-
of-date software" barely qualifies as a threat - they can just try and attack
you anyway - and I can't see what other purpose it serves.

Peter.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] Bug#931238: hot armor: please drop "Version: " header, Daniel Kahn Gillmor
Next by Date:  Re: [openpgp] Bug#931238: hot armor: please drop "Version: " header, ilf
Previous by Thread:  Re: [openpgp] Bug#931238: hot armor: please drop "Version: " header, Marcus Brinkmann
Next by Thread:  Re: [openpgp] Bug#931238: hot armor: please drop "Version: " header, ilf
Indexes:  [Date] [Thread] [Top] [All Lists]