inclusion of Features Subpacket in v4 keys according to crypto-refresh? #64
Comments
|
I think it makes sense. I implemented it in feature-subpkt-v4-cert (we can still decide whether to use it or not) |
|
Thinking about it again, I see more the problem more complex. GnuPG got its v5 AEAD feature announcement patched out by one Linux distribution recently. I dont' t remember which distro. Some applications processing OpenPGP keys remove the Feature. The discussion was on one GnuPG mailing list, I think the "users" one. So the same situation could arise for the v6 Features. If that is what we must anticipate, then maybe it makes sense to introduce further compile time switches. For instance it could look like this:
|
|
I think your proposal makes sense for an additional reason: Passive support can be activated with more confidence and therefore done sooner, and thus possibly speed up adoption. In addition, it can make sense to replace the compile-time switches with runtime switches (i.e. FFI API calls) when enabling one of the steps (I), (II), or (III) in the default build. There is the possibility that introducing "passive but announcing support" will be less controversial for the Crypto Refresh since it's the official successor in the IETF. |
The crypto-refresh specifies:
Currently, even when compiling RNP with crypto-refresh support, when generating v4 keys, the Features Subpacket is absent. This is for instance also the case for a backwards compatible traditional v4 key with a v4 PQC encryption subkey.
So the question arises whether, when crypto-refresh-support is compiled in, a Features Subpacket with support for v2 SEIPD should be included in the certificate.
@TJ-91
@ni4
The text was updated successfully, but these errors were encountered: