[Top] [All Lists]

Re: [openpgp] test vectors for unknown signatures [was: Re: Implementers: does your OpenPGP tool gracefully discard signature packets of unknown version?]

2022-05-03 04:23:44
Hello :)

Daniel Kahn Gillmor <dkg(_at_)fifthhorseman(_dot_)net> writes:

Hi Peter, all--

On Sun 2022-05-01 10:53:03 +0000, Peter Gutmann wrote:
* The version number in the tests should really be 5 or at most 6, not 23.
When performing version checks my code allows future versions one or two 
of the current one, but a jump of nineteen versions implies corrupted data,
not a time-warp leap of around 200 years worth of standardisation (currently
about ten years per rev).  So I'd say code is quite justified in rejecting
what looks like a gibberish version number.

I'm not convinced of this argument, but if this is the consensus of the
WG, i'm willing to go along with it.  What do other folks think?

That is a non-argument.  Version numbers are not necessarily contiguous.
For example, no-one remembers the two millenia it took for Microsoft to
release Windows 2000.  Or closer to home: there won't be a v4 PKESK
packet even though there will be a v5 PKESK packet.


Attachment: signature.asc
Description: PGP signature

openpgp mailing list