On 2021-04-29 at 11:57 -0400, Daniel Kahn Gillmor wrote:
I've merged in this change in a seperate commit, please review as
part
of the next draft update. (commit 464ac8232f9)
I think the commit you're talking about is now public as
1edfd5d45a49a5a15d08eff9fff7d5c482acb6da, 'update text on "Simple S2K
and Salted S2K specifiers" as per WG discussion'.
minor clarification: among a few other changes, it adds this line:
+Implementations SHOULD NOT use these methods on encryption of both
keys and messages.
I think this "both" should be "either" -- otherwise, the guidance
sounds
like it applies only to some combination encryption (which isn't
possible iirc). otherwise, it looks good to me.
--dkg
Yep, it's clearly that one. It's basically my
https://gitlab.com/Angel-Gonzalez/rfc4880bis/-/commit/43946c9a300ebac26d78838ab80893685349289f
with the "SHOULD avoid" changed into "SHOULD NOT", as discussed. Paul
probably ended up in a catch-22. The "both" was originally present as
"SHOULD avoid (...) on encryption of both keys and messages". I agree
with doing the s/both/either/ in the new text.
Best regards
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp