author | Justus Winter <justus@sequoia-pgp.org> | 2023-12-04 14:03:03 +0100 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2023-12-05 15:47:10 +0100 |
commit | 2d96c99a64d2662873d76fbd871c65d14363deb3 (patch) | |
tree | dd06fb3140cc924bc221654afb6d9a12d4f1dd04 | |
parent | 319b2ba1e87fbd498254cb70bd83cfe2e9b2ebe5 (diff) |
openpgp: Reject "v5" Signatures Packets.
- The proposal that was once thought would end up as the next revision
  of OpenPGP does not have the backing of the IETF OpenPGP working
  group. We should not support it for the following reasons:
  - Accepting it risks proliferation of a proprietary format.
  - It is less scrutinized, and interactions with other versions
    or features of the OpenPGP standard are not well understood.
    Notably, as the "v5" Signature packets use an 8 octet length
    counter in the footer, the hashed data streams alias with v3
    Signatures. See also
    https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/220
- Rejecting "v5" Signature Packets addresses these risks.
-rw-r--r-- | openpgp/src/policy.rs | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/openpgp/src/policy.rs b/openpgp/src/policy.rs index 80b93870..744f8387 100644 --- a/openpgp/src/policy.rs +++ b/openpgp/src/policy.rs @@ -777,9 +777,10 @@ a_versioned_cutoff_list!(PacketTagCutoffList, Tag, 21, // need to tweak the above. // // Note: this list must be sorted and the tag and version must be unique! - 1, + 2, [ (Tag::Signature, 3, Some(Timestamp::Y2007M2)), + (Tag::Signature, 5, REJECT), // "v5" Signatures. ]); // We need to convert a `SystemTime` to a `Timestamp` in |
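Review bot: The new `(Tag::Signature, 5, REJECT)` entry in `PacketTagCutoffList` has no accompanying test; the diffstat shows only `openpgp/src/policy.rs` changed, with 2 insertions and 1 deletion. Suggest adding a test that a version 5 Signature packet is rejected while version 3 keeps its `Timestamp::Y2007M2` cutoff, so that a later edit to this list cannot silently re-enable "v5". The trailing comment `// "v5" Signatures.` only restates the tuple; putting the reason from the commit message there (the hashed data streams alias with v3 Signatures) or the merge request link would tell the next reader why the entry must stay. The entry count `2` and the sorted, unique ordering required by the comment above the list both match the two tuples.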