On Tue, 23 Feb 2021 03:19:03 +0100,
Paul Wouters wrote:
- Deprecate non-integrity-protected encryption
+This packet is obsolete.
+An implementation MUST NOT create this packet.
+An implementation MAY process such a packet but it MUST return a clear
diagnostic that a non-integrity protected packet has been processed.
+The implementation SHOULD also return an error in this case and stop
processing.
It's not clear to me how a library should warn the user. In Sequoia,
an application has to opt-in to deprecated algorithms. Is that
enough?
I'm also confused about the interplay between the last two sentences:
in the second-to-last sentence, an implementation "MAY process such a
packet" and in the last it "SHOULD *also* ... stop processing" (stars
mine). Aren't these in conflict?
:) Neal
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp