Re: [openpgp] I-D Action: draft-ietf-openpgp-crypto-refresh-02.txt (fwd)

On Tue 2021-02-23 08:15:06 -0500, Derek Atkins wrote:
>    Implementations SHOULD generate V4 signatures.  Implementations MUST
>    NOT create version 3 signatures; they MAY accept version 3
>    signatures.
As Paul and Werner both noted, this is a hiccup in the transitional
nature of the document.

I've flagged it as https://gitlab.com/openpgp-wg/rfc4880bis/-/issues/15
so that we don't lose track of it.

> There is no MUST create version.  Is this intended to change?
fwiw, (no hats on) i'm not sure that "MUST create" is the right wording
ultimately.  We want "MUST be able to create" or "MUST create [in some
specific context]" but i can't see requiring creation of a signature
type without one of those caveats.

> Later (5.8):
>
>    This packet is obsolete.  An implementation MUST NOT create this
>    packet.  An implementation MAY process such a packet but it MUST
>    return a clear diagnostic that a non-integrity protected packet has
>    been processed.  The implementation SHOULD also return an error in
>    this case and stop processing.
>
> I'm confused by this text.  If an implementation chooses to process this
> packet type (e.g. I have 20-year-old PGP-encrypted messages that I'd still
> like to be able to read without re-encrypting them), why are you saying
> that it should return an error and stop processing?  So it MAY process but
> SHOULD stop processing?  I'm confused.
I've recorded this as
https://gitlab.com/openpgp-wg/rfc4880bis/-/issues/16 and mentioned
Robert's suggestion of how it could be re-phrased.

         --dkg

signature.asc
Description: PGP signature

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp