author: Justus Winter <justus@sequoia-pgp.org> 2023-12-04 14:03:03 +0100
committer: Justus Winter <justus@sequoia-pgp.org> 2023-12-05 15:47:10 +0100
commit: 2d96c99a64d2662873d76fbd871c65d14363deb3 (patch)
tree: dd06fb3140cc924bc221654afb6d9a12d4f1dd04
parent: 319b2ba1e87fbd498254cb70bd83cfe2e9b2ebe5 (diff)

openpgp: Reject "v5" Signatures Packets.

  - The proposal that was once thought would end up as the next revision
    of OpenPGP does not have the backing of the IETF OpenPGP working
    group.  We should not support it for the following reasons:

    - Accepting it risks proliferation of a proprietary format.

    - It is less scrutinized, and interactions with other versions or
      features of the OpenPGP standard are not well understood.
      Notably, as the "v5" Signature packets use an 8 octet length
      counter in the footer, the hashed data streams alias with v3
      Signatures.  See also
      https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/220

  - Rejecting "v5" Signature Packets addresses these risks.

-rw-r--r-- openpgp/src/policy.rs 3
1 files changed, 2 insertions, 1 deletions
diff --git a/openpgp/src/policy.rs b/openpgp/src/policy.rs
index 80b93870..744f8387 100644
--- a/openpgp/src/policy.rs
+++ b/openpgp/src/policy.rs
@@ -777,9 +777,10 @@ a_versioned_cutoff_list!(PacketTagCutoffList, Tag, 21,
// need to tweak the above.
//
// Note: this list must be sorted and the tag and version must be unique!
- 1,
+ 2,
[
(Tag::Signature, 3, Some(Timestamp::Y2007M2)),
+ (Tag::Signature, 5, REJECT), // "v5" Signatures.
]);
// We need to convert a `SystemTime` to a `Timestamp` in
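
Review bot: The new `(Tag::Signature, 5, REJECT)` entry carries only the comment `// "v5" Signatures.`, so the reason for the rejection lives solely in the commit message. Consider extending the comment to say that the "v5" footer's 8 octet length counter makes the hashed data streams alias with v3 Signatures, and to point at https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/220, so that a later reader does not relax the entry without knowing why it is there. The diffstat also shows that only policy.rs changed: a regression test asserting that the policy rejects a version 5 Signature packet, while version 3 still follows its `Timestamp::Y2007M2` cutoff, would guard both the new entry and the hand-maintained entry count that went from 1 to 2.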