Series of minor questions about OpenPGP 1

David Shaw dshaw at jabberwocky.com
Tue Jan 27 04:57:37 CET 2009


On Jan 26, 2009, at 6:15 PM, Peter Thomas wrote:

> On Mon, Jan 26, 2009 at 11:31 PM, David Shaw <dshaw at jabberwocky.com>  
> wrote:
>> No, they don't have a concept of a packet type above 15.  There are
>> only 4 type bits in the old-style packet header. :)
> Yes, that was clear
>
>> Old programs will basically blow up if they see something they don't
>> understand.  There is a special packet, the Marker Packet (tag 10)
>> which basically exists to make PGP 2.x print out "You need a newer
>> version of PGP" before PGP 2.x would blow up.
> My intention (and also behind the question whether there is something
> like the critical bit for packet types) is this:
> Suppose a new packet type (above 15) is added which is VERY critical
> for the security, meaning that it would be very very bad if some
> implementation isn't able to interpret it.
> Is it secured that those applications will blow up, give errors etc.?

They should at least fail - a new style RFC-4880 (or 2440) packet (of  
any type) is unreadable by an old RFC-1991 program.  It simply won't  
be meaningful.  As to *how* it will fail, that depends on the program.

The point of the Marker Packet is to force a graceful failure early.

> If not (and that was my motivation behind the general usage of new
> packet headers) it would be better if no packet type (even those below
> 16) are understood by these legacy applications and thus the whole
> key/message would be unusable for them.

If there was such a situation, then forcing the use of a new packet  
header would certainly break old programs, but this isn't sufficient:  
most programs understand new packet headers, but they may not  
understand your new packet type.  Or put another way - you can't solve  
that problem with packet headers.

David
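
Added example, not part of the message above or of GnuPG's code: a parser for the RFC 4880 packet header, showing that the old format has 4 tag bits (0-15), the new format has 6 (0-63), and that a reader which handles new headers must still reject a tag it does not know. Tag 40 and the `known_tags` set are hypothetical, and the sample bytes are constructed.

```python
def parse_header(buf, pos=0):
    """Return (fmt, tag, body_start, body_len) for the packet at buf[pos]."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("bit 7 clear: not an OpenPGP packet header")
    if first & 0x40:                      # new format: 6 tag bits (0..63)
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:                      # one-octet length
            return "new", tag, pos + 2, o1
        if o1 < 224:                      # two-octet length
            return "new", tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:                     # five-octet length
            return "new", tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        raise ValueError("partial body lengths are not supported here")
    # old format: only 4 tag bits (0..15), then a 2-bit length type
    tag, ltype = (first >> 2) & 0x0F, first & 0x03
    if ltype == 3:
        raise ValueError("indeterminate length is not supported here")
    n = 1 << ltype                        # 1, 2 or 4 length octets
    return "old", tag, pos + 1 + n, int.from_bytes(buf[pos + 1:pos + 1 + n], "big")


def walk(buf, known_tags):
    """List (fmt, tag) for each packet; fail closed on a tag not in known_tags."""
    pos, seen = 0, []
    while pos < len(buf):
        fmt, tag, start, length = parse_header(buf, pos)
        if start + length > len(buf):
            raise ValueError("truncated packet")
        if tag not in known_tags:
            # Understanding the new header is not enough: the tag itself
            # must be one this (hypothetical) implementation handles.
            raise ValueError(f"unsupported packet tag {tag} ({fmt} header)")
        seen.append((fmt, tag))
        pos = start + length
    return seen


# Constructed sample: an old-format Marker Packet (tag 10, body "PGP"),
# followed by a new-format packet with hypothetical tag 40 and a 2-octet body.
SAMPLE = bytes([0xA8, 0x03]) + b"PGP" + bytes([0xC0 | 40, 0x02, 0x00, 0x00])

if __name__ == "__main__":
    print(walk(SAMPLE, known_tags={10, 40}))
```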



