On Mon, 16 Dec 2024 13:30, Andrew Gallagher said:

> even if it’s at the beginning of the subpacket area it’s still
> hashed-in after the document, which doesn’t protect against
> chosen-prefix attacks.

If you can imagine only chosen-prefix attacks then you are right. But we don't know and we have seen a lot of surprising research in mathematics.

> I am genuinely interested to know why it is _impossible_. OpenPGP has
> never seriously attempted to eliminate covert channels - there are

But we never introduced new ones without a good reason.

> taking plaintext covert channels as a serious threat. Also, v5
> signatures have extra free-text fields (filename, timestamp) that are
> hashed-in before the main document, rather than as subpackets.

Yes, they can be used. But your WG removed the bug fix (i.e. hashing the meta data). And that is the very reason why it is not possible to support that new signing format.

Shalom-Salam,

   Werner

--
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
_______________________________________________
Gnupg-devel mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-devel
