Detached signature ambiguity (was: [Announce] GnuPG 2.1.0 "modern" released)

Nicholas Cole nicholas.cole at gmail.com
Mon Nov 10 13:03:41 CET 2014


On Mon, Nov 10, 2014 at 11:59 AM, Peter Lebbing <peter at digitalbrains.com> wrote:
> On 10/11/14 12:02, Nicholas Cole wrote:
>> So the confusion is
>> that you have one single command that deals with verifying both a
>> detached signature and with a file that contains a signature?
>
> Yes.
>
>> Is the best fix for this to introduce two new commands
>
> That seems extreme. Although you could add commands that make it
> explicit what you want, removing the existing, ambiguous one would cause
> massive breakage of deployed scripts. Werner is always very cautious
> about doing that.
>
> Maybe this avenue of thought can help come up with a good solution. When
> people verify a detached signature, they usually have two files named:
>
> file.ext
> file.ext.sig
>
> If GnuPG encounters this situation, but file.ext.sig is not a detached
> signature, it could display a big fat warning:
>
> WARNING: file.ext.sig is NOT a detached signature; the file file.ext is
> NOT VERIFIED!

Yes, Werner is very good at not breaking things that don't need to be
broken.  But in fact, it is the fact that scripts depend on this that
made me think that this might be a case where things *should* get
broken, because this is actually a serious security flaw, and the
scripts in question need fixing.  In many cases, no one is going to be
around to read the warning you suggest.

Just a thought.

N.
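The fail-closed check this message argues scripts need, as an added example (not code from the thread or from GnuPG): before trusting `file.ext.sig`, a script confirms that it holds only OpenPGP Signature packets, then calls gpg with both file names. It assumes a binary signature with RFC 4880 packet framing (armored input is rejected, so run `gpg --dearmor` on it first); the function names and sample bytes are constructed for illustration.

```python
import subprocess

SIGNATURE_TAG = 2  # RFC 4880 section 4.3: Signature Packet

def is_detached_signature(buf: bytes) -> bool:
    """True only if buf is one or more binary Signature packets and nothing else."""
    pos, seen = 0, 0
    while pos < len(buf):
        first = buf[pos]
        if not first & 0x80:
            return False  # not a binary OpenPGP packet (armor, clearsigned text)
        try:
            if first & 0x40:  # new-format header
                tag, o1 = first & 0x3F, buf[pos + 1]
                if o1 < 192:
                    length, pos = o1, pos + 2
                elif o1 < 224:
                    length, pos = ((o1 - 192) << 8) + buf[pos + 2] + 192, pos + 3
                elif o1 == 255:
                    length, pos = int.from_bytes(buf[pos + 2:pos + 6], "big"), pos + 6
                else:
                    return False  # partial body length is for data packets only
            else:  # old-format header
                tag, ltype = (first >> 2) & 0x0F, first & 0x03
                if ltype == 3:
                    return False  # indeterminate length: reject, fail closed
                n = 1 << ltype  # 1, 2 or 4 length octets
                length, pos = int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n
        except IndexError:
            return False  # header truncated
        if tag != SIGNATURE_TAG or pos + length > len(buf):
            return False  # embedded content, or a truncated packet
        pos += length
        seen += 1
    return seen > 0

def verify_detached(sig_path: str, data_path: str) -> bool:
    """Fail closed: refuse anything that is not a pure detached signature."""
    with open(sig_path, "rb") as fh:
        if not is_detached_signature(fh.read()):
            return False
    # Naming both files makes gpg check the signature against data_path.
    return subprocess.run(["gpg", "--batch", "--verify", sig_path, data_path]).returncode == 0

# Constructed sample packets (bodies are filler, not real signatures).
SIG = bytes([0x88, 4]) + b"\x00" * 4         # old format, tag 2
ONEPASS = bytes([0xC4, 2]) + b"\x00" * 2     # new format, tag 4 (one-pass signature)
LITERAL = bytes([0xCB, 5]) + b"b\x00hello"   # new format, tag 11 (literal data)
SIGNED_MESSAGE = ONEPASS + LITERAL + SIG     # a signature file that carries its own content
```

Because the return value is the only result, an unattended script gets a hard failure rather than a warning nobody reads.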



More information about the Gnupg-users mailing list