pgpfan:tpp
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | Next revisionBoth sides next revision | ||
pgpfan:tpp [2022/06/06 19:02] – Clearer wording. b.walzer | pgpfan:tpp [2022/08/21 12:33] – "would of" b.walzer | ||
---|---|---|---|
Line 42: | Line 42: | ||
>The “new format” packets have variable-length lengths, like BER (try to write a PGP implementation and you may wish for the sweet release of ASN.1). | >The “new format” packets have variable-length lengths, like BER (try to write a PGP implementation and you may wish for the sweet release of ASN.1). | ||
- | For part of my working life I had to implement low level protocols from specifications of various kinds. If I had of encountered the OpenPGP packet structure I would of considered implementing to be a relatively good time. The reader is invited to experience the overwhelming complexity of the OpenPGP packet structure. It is defined in [[https:// | + | For part of my working life I had to implement low level protocols from specifications of various kinds. If I had of encountered the OpenPGP packet structure I would have considered implementing to be a relatively good time. The reader is invited to experience the overwhelming complexity of the OpenPGP packet structure. It is defined in [[https:// |
>The most recent keyserver attack happened because GnuPG accidentally went quadratic in parsing keys, which also follow this deranged format. | >The most recent keyserver attack happened because GnuPG accidentally went quadratic in parsing keys, which also follow this deranged format. | ||
Line 115: | Line 115: | ||
>Trevor Perrin worked the SEIP out to 16 whole bits of security. | >Trevor Perrin worked the SEIP out to 16 whole bits of security. | ||
- | This was wrong, but it was not Trevor Perrin' | + | This was wrong, but it was not Trevor Perrin' |
>And, finally, even if everything goes right, the reference PGP implementation will (wait for it) release unauthenticated plaintext to callers, even if the MDC doesn’t match. | >And, finally, even if everything goes right, the reference PGP implementation will (wait for it) release unauthenticated plaintext to callers, even if the MDC doesn’t match. |
pgpfan/tpp.txt · Last modified: 2023/12/19 13:21 by b.walzer