On 14/08/2019 11:39, Alessandro Vesely via Gnupg-users wrote: > Absolute monotonicity is wrong. It must be possible to delete errors.
In that case we need a different algorithm. Which I had already been advocating, so you are preaching to the choir. You can keep reiterating that you do not like the current algorithm, but I already got that and I agree. > Exactly! That signature is poisoned, delete it. Which is a denial of service, which I point out in the next paragraph of the mail you replied to. I'll copy-paste it here with a double indentation: >> In neither case will the user get that signature that they actually >> want, and which according to Murphy is actually near the end of where >> GnuPG will be looking. > The defense would try and avoid poisoning. When a signature is > poisoned, the defense has failed. And that's again my very next paragraph: >> I think the solution needs to be sought in a direction where GnuPG >> doesn't have to look for valid data amidst a lot of invalid crap. >> Because evaluating the invalid crap can always be made expensive, so >> there should be other means to say "I'm not going to parse this, find >> another way to get me the proper data where it's not buried in crap". Cheers, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupgfirstname.lastname@example.org http://lists.gnupg.org/mailman/listinfo/gnupg-users