(no hats on, just noticed a textual problem and wanted to record it on
the list)
The current draft (and RFC 4880) seems internally inconsistent about the
mandatory nature of the "Hash" armor header in the Cleartext Signing
Framwork section.
In particular, it defines 'one or more "Hash" Armor Headers' as an
official part of what a clearsigned message looks like, but then it
discusses what it means when such a header is absent. (and, when the
header is absent, it says it uses MD5, yikes -- that makes this relevant
to the crypto refresh).
Additionally, though multiple headers could be present, "If more than
one message digest is used in the signature, the "Hash" armor header
contains a comma-delimited list of used message digests."
Finally, what should an implementation do if the hash header doesn't
match the digests found in the actual signature?
This text should be reworked to make the expectations clearer, both for
those generating such a message and for those consuming it. And it
should *not* encourage the use of MD5.
I've noted this as
https://gitlab.com/openpgp-wg/rfc4880bis/-/issues/26. If anyone wants
to propose a patch that cleans this up, that'd be welcome.
--dkg
signature.asc
Description: PGP signature
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp