coping with unknown keywords on --status-fd

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Sep 15 23:39:43 CEST 2016


hi folks--

Is it safe for a program that is interacting with GnuPG to ignore status
keywords that it gets but doesn't understand?

DETAILS says:

    an application should always be prepared to see new
    keyworkds or more arguments in future versions.

(i think that means "keywords", but i missed it in my recent spelling
cleanup)

What does "prepared to see" mean?  does it mean "can safely ignore" ?
Is this always going to be the case?  If so, can we commit to it
explicitly in DETAILS?

Recent versions of GnuPG emit KEY_CONSIDERED status lines, which does
seem like it could be safely ignored.

But consider the situation where a list of keys that are known to be bad
is introduced (imagine someone publishes corresponding secret key
material, based on a bad system RNG in some OS).  If GnuPG were to have
access to such a blacklist, i can imagine a future version of GnuPG
emitting a new status line like KEY_KNOWN_BAD, during signature
validation, but this would not be safe to ignore.

Or, would GnuPG emit a BADSIG instead of a VALIDSIG in this case, in
addition to a new KEY_KNOWN_BAD line?

The clearer we are about what the project commits to going forward, the
less brittle and more forward-compatible any downstream dependencies
will be.

         --dkg
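
An added example, not part of the original message and not GnuPG code: a Python status-line parser that tolerates unknown keywords and extra arguments, and makes the choice the message asks about (ignore unknown keywords, or fail closed on them) an explicit caller policy. KEY_KNOWN_BAD is the hypothetical keyword from the message, not a real one; the function names and the sample output are constructed for illustration.

```python
PREFIX = "[GNUPG:] "

# Keywords this hypothetical caller understands (all documented in DETAILS).
KNOWN = {"NEWSIG", "KEY_CONSIDERED", "SIG_ID", "GOODSIG", "VALIDSIG",
         "BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}
NEGATIVE = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def parse_status(text):
    """Yield (keyword, args) for each status line; other lines are skipped."""
    for line in text.splitlines():
        if line.startswith(PREFIX):
            fields = line[len(PREFIX):].split()
            if fields:
                yield fields[0], fields[1:]


def check_signature(text, strict):
    """Return (accepted, unknown_keywords).

    strict=False ignores unknown keywords; strict=True refuses to accept a
    signature when any keyword outside KNOWN was seen (fail closed).
    """
    valid = negative = False
    unknown = []
    for keyword, args in parse_status(text):
        if keyword not in KNOWN:
            unknown.append(keyword)
        elif keyword == "VALIDSIG" and args:  # extra arguments are tolerated
            valid = True
        elif keyword in NEGATIVE:
            negative = True
    accepted = valid and not negative and not (strict and unknown)
    return accepted, unknown


# Constructed sample output; fingerprint and key ID are placeholders.
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
TODAY = f"""[GNUPG:] NEWSIG
[GNUPG:] KEY_CONSIDERED {FPR} 0
[GNUPG:] GOODSIG 89ABCDEF01234567 Example User <user@example.org>
[GNUPG:] VALIDSIG {FPR} 2016-09-15 1473975583 0 4 0 1 8 00 {FPR}
"""
# Same output plus the hypothetical KEY_KNOWN_BAD line from the message.
FUTURE = TODAY + f"[GNUPG:] KEY_KNOWN_BAD {FPR}\n"

if __name__ == "__main__":
    for name, sample in (("today", TODAY), ("future", FUTURE)):
        for strict in (False, True):
            print(name, "strict" if strict else "lenient",
                  check_signature(sample, strict))
```

The strict policy has its own cost: a caller whose KNOWN set predates KEY_CONSIDERED would reject otherwise valid signatures as soon as GnuPG started emitting that line.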