No preference is expressed at all in RFC-2440. So it appears that
RFC-9580 is simply incorrect.
See my response about the various dictionary meanings of "obsolete"
(here as a transitive verb), as to why it actually might be correct,
even if RFC 2440 did not explicitly express a preference.
I won't die on that hill though, I know there's wiggle room.
From RFC-4880:
PGP 2.6.x only uses old format packets. Thus, software that
interoperates with those versions of PGP must only use old format
packets. If interoperability is not an issue, the new packet format
is RECOMMENDED.
So RFC-9580 is also incorrect for RFC-4880 as well. I don't know the
reasoning behind RFC-9580 changing this to "SHOULD NOT" and why the
incorrect language was used.
That's where it is so useful to look up the official definition of the
capital words from the RFCs. You would have known that in this
particular instance, RFC 9580 means the exact same thing as RFC 4880.
From RFC 2119:
"" *SHOULD* This word, or the adjective "RECOMMENDED", mean that there
"" may exist valid reasons in particular circumstances to ignore a
"" particular item, but the full implications must be understood and
"" carefully weighed before choosing a different course.
""
"" *SHOULD NOT* This phrase, or the phrase "NOT RECOMMENDED" mean that
"" there may exist valid reasons in particular circumstances when the
"" particular behavior is acceptable or even useful, but the full
"" implications should be understood and the case carefully weighed
"" before implementing any behavior described with this label.
So when RFC 4880 says:
"" If interoperability is not an issue, the new packet format
"" is RECOMMENDED.
It means the exact same thing as:
"" If interoperability is not an issue, the old packet format
"" is NOT RECOMMENDED.
Which means the exact same thing as:
"" If interoperability is not an issue, the old packet format
"" SHOULD NOT be used.
Which (from those who output data) means the exact same thing as:
"" The Legacy packet format SHOULD NOT be used to generate new data,
"" unless the recipient is known to only support the Legacy packet
"" format.
So as you can see, the legal meaning of RFC 9580 here is exactly the
same as that of RFC 4880.
LibrePGP introduces no changes from RFC-4880 with respect to this. So
in the world of GnuPG the new packet format is only "RECOMMENDED" for
cases where interoperability is not an issue.
Let's be honest, interoperability has not ben an issues for likely more
than a decade. Given that, and the legal argument above, in GnuPG word
you SHOULD output the new format, and you SHOULD NOT output the old format.
And now the real funny part. The latest version of LibrePGP states:
"" If interoperability is not an issue, the new packet format
"" is RECOMMENDED
Same as RFC 4880. So not only GnuPG is in clear violation of the legal
equivalent of a "SHOULD NOT" from a 18 year old RFC, the recommendation
(and associated violation) persists even through the very draft it
promotes.
Loup.
_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users
