On 2021-04-29 at 11:57 -0400, Daniel Kahn Gillmor wrote:
I've merged in this change in a seperate commit, please review as
of the next draft update. (commit 464ac8232f9)
I think the commit you're talking about is now public as
1edfd5d45a49a5a15d08eff9fff7d5c482acb6da, 'update text on "Simple S2K
and Salted S2K specifiers" as per WG discussion'.
minor clarification: among a few other changes, it adds this line:
+Implementations SHOULD NOT use these methods on encryption of both
keys and messages.
I think this "both" should be "either" -- otherwise, the guidance
like it applies only to some combination encryption (which isn't
possible iirc). otherwise, it looks good to me.
Yep, it's clearly that one. It's basically my
with the "SHOULD avoid" changed into "SHOULD NOT", as discussed. Paul
probably ended up in a catch-22. The "both" was originally present as
"SHOULD avoid (...) on encryption of both keys and messages". I agree
with doing the s/both/either/ in the new text.
openpgp mailing list