potential IETF WG incompatibility with GnuPG 2.3

Bernhard Reiter bernhard at intevation.de
Thu Dec 15 09:21:41 CET 2022


On Tuesday 13 December 2022 12:33:35, Neal H. Walfield wrote:
> koo is out of spec, because it delivers certificates without User IDs
> (1).  It come into spec by inserting a null User ID without a self
> signature (2).

Though that seems to be a mechanistic compliance, which does not make
much sense. So I'd still consider this out of specification because
the user ID would be useless and obviously not performing the intentions
expressed in RFC4880.

> As I understand it, gpg would treat that (2) the same 
> way as it treats a certificate without any User IDs (1).

If this is the case (which I do not know for sure), it looks like a good 
decision for an implementation which stays in line with the purpose of 
what the User ID was meant for in the specification (and real use).

Regards
Bernhard

-- 
https://intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter
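
The two cases the quoted text numbers (1) and (2), told apart at the packet level. This is an added example, not part of the message above and not GnuPG or keyserver code. It assumes binary (non-armored) input, only counts Signature packets after a User ID without verifying them, uses result labels of its own choosing, and runs on constructed sample bytes.

```python
# Added example, not GnuPG code. Signature packets are counted, not verified.
TAG_SIGNATURE, TAG_USER_ID = 2, 13  # packet tags from RFC 4880, section 4.3

def packets(data):
    """Yield (tag, body) for each packet of a binary OpenPGP stream."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("bit 7 clear: not a packet header")
        if hdr & 0x40:  # new-format header: tag in bits 5-0
            tag, first = hdr & 0x3F, data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body length not handled")
        else:  # old-format header: tag in bits 5-2, length type in bits 1-0
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if n == 8:
                raise ValueError("indeterminate length not handled")
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def classify(cert):
    """Return 'no-user-id' (1), 'null-user-id-unsigned' (2) or 'other'."""
    uids, current = [], None
    for tag, body in packets(cert):
        if tag == TAG_USER_ID:
            uids.append(current := [body, 0])  # [content, signatures seen]
        elif tag != TAG_SIGNATURE:
            current = None  # key/subkey/attribute: later signatures bind to it
        elif current is not None:
            current[1] += 1
    if not uids:
        return "no-user-id"
    usable = any(body != b"" or sigs for body, sigs in uids)
    return "other" if usable else "null-user-id-unsigned"

# Constructed sample data: dummy bodies, not real key or signature material.
KEY = bytes([0xC6, 6]) + bytes(6)      # new-format Public-Key packet
NULL_UID = bytes([0xB4, 0])            # old-format User ID packet, length 0
UID_SIG = bytes([0xCD, 15]) + b"<a@example.org>" + bytes([0xC2, 4]) + bytes(4)
```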