On 7 Dec 2024, at 13:58, Werner Koch via Gnupg-devel <gnupg-devel@gnupg.org> 
wrote:
> 
> Some people obviously want to have this
> covert channel in signatures.

Which people? Werner, this is a very serious allegation. If you’re not willing 
to name names and provide receipts, I would strongly advise you to withdraw it.

As discussed previously on the openpgp mailing list, there are already 
countless places in the wire format that an adversary could use for a covert 
channel, and I’m not aware of any implementation (including gnupg) that 
attempts to close these channels, perhaps because doing so would be a rich 
source of interop failures. It would be counterproductive for an adversary to 
introduce salted signatures for this purpose, as doing so would only draw 
attention for little further benefit.

Please let this be the end of it.

Thanks,
A
_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-devel
