[pkg-gnupg-maint] gnupg2-revert-rfc4880bis.patch

Andreas Metzler ametzler at bebt.de
Sun Mar 31 13:15:10 BST 2024 

On 2024-03-29 Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> On Fri 2024-03-29 15:55:27 +0100, Andreas Metzler wrote:
[...]
> > 2 Should we patch gnupg >= 2.2.40 and 2.4 to ignore the setting for
> > AEAD/OCB preference when encrypting messages.  ("c")
> >
> > I would tend to say yes to 1 and no to 2.
[...]
> I think i disagree with you about (2): this behavior is precisely what
> caused the failures with thunderbird recently.  The version of librnp
> that thunderbird was using let users import a secret key/certificate
> that had been generated with a version of GnuPG that included the
> advertisement, and send mail with it, including the certificate.

> Then someone responded using a tool (like the proposed GnuPG version)
> which emitted packets, that Thunderbird then couldn't read.

> Do we want the debian packages to play into that dynamic?

Hello Daniel,

well on one hand we wouldn't want to push AEAD/OCB but OTOH
a) this could be be avoided by the key owner using correct settings and
b) ignoring the key-owner's setting is a big change compared to #1

Also I suspect that all current openpgp implementations could deal with
AEAD/OCB (Iirc I had tested sqop and rnp 0.17.0.), so thunderbird could
make this a non issue by upgrading rnp.

However I am convinced it is impossible to be perceived as neutral on
the whole matter.

Also the above should not be taken as a vote or veto I am simply
presenting the reasons for the stated preferrence.

>> I still do not what usecases break when with respect to "v5 wireformat",
>> i.e. when gpg 2.4 generates it. e.g. "gpg-2.4 --detach-sign -a ..."
>> (with a gpg 2.4 generated rsa key) generates a detached signature that
>> can be verified with "sqop verify ".

> This is a separate question from what you mentioned above, right?

Yes.

> Seems like you're asking about v5 signatures here, but you're saying
> that the proposed versions don't currently emit them by default.
> that's a good report to have!

FWIW I ran through most of the Compliance options of GnuPG 2.4.5
(--gnupg --openpgp --rfc4880 --rfc4880bis --rfc2440) when generating a
detached signature with a gnupg 2.4.4 RSA key, the SHA1 using variants
(--openpgp --rfc2440 --rfc4880) failed to verify with sqop, the others
worked.

A detached signature with key with generated with gnupg 2.4.5 defaults
(cv25519) was also verifyable with sqop.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

More information about the pkg-gnupg-maint mailing list