On 14/08/2019 11:39, Alessandro Vesely via Gnupg-users wrote:
> Absolute monotonicity is wrong.  It must be possible to delete errors.

In that case we need a different algorithm.

Which I had already been advocating, so you are preaching to the choir.
You can keep reiterating that you do not like the current algorithm, but
I already got that and I agree.

> Exactly!  That signature is poisoned, delete it.

Which is a denial of service, which I point out in the next paragraph of
the mail you replied to. I'll copy-paste it here with a double

>> In neither case will the user get that signature that they actually
>> want, and which according to Murphy is actually near the end of where
>> GnuPG will be looking.

> The defense would try and avoid poisoning.  When a signature is
> poisoned, the defense has failed.

And that's again my very next paragraph:

>> I think the solution needs to be sought in a direction where GnuPG
>> doesn't have to look for valid data amidst a lot of invalid crap.
>> Because evaluating the invalid crap can always be made expensive, so
>> there should be other means to say "I'm not going to parse this, find
>> another way to get me the proper data where it's not buried in crap".



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

Attachment: signature.asc
Description: OpenPGP digital signature

Gnupg-users mailing list

Reply via email to