[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Relevant diffs between -04 and -05
This is it. I edited out header/footer diffs, TOC diffs, and version number
< MUST be at least 512 octets long. Partial Body Lengths MAY NOT be
> MUST be at least 512 octets long. Partial Body Lengths MUST NOT be
< uncompressed data is preferred; the key holder's software may not
< have compression software. This is only found on a self-signature.
> uncompressed data is preferred; the key holder's software might have
> no compression software in that implementation. This is only found
> on a self-signature.
< implementation uses more bits of compression, If an implementation
< uses more bits of compression, PGP V2.6 cannot decompress it.
> implementation uses more bits of compression, PGP V2.6 cannot
> decompress it.
> - "Hash", a comma-separated list of hash algorithms used in this
> message. This is used only in clear-signed messages.
> - "Charset", a description of the character set that the plantext
> is in. Please note that OpenPGP defines text to be in UTF-8, so
> this Armor Header Key is only useful for backwards
> compatibility. An implementation MAY implement it; an
> implementation MAY ignore it.
< - Zero or more "Hash" Armor Headers,
> - One or more "Hash" Armor Headers,
< SHA-1 is used. If more than one message digest is used in the
< signature, the "Hash" armor header contains a comma-delimited list
< of used message digests.
> MD5 is used, an implementation MAY omit them for V2.x compatibility.
> If more than one message digest is used in the signature, the "Hash"
> armor header contains a comma-delimited list of used message
< algorithm identifier 20.
> algorithm identifier 20 for an Elgamal public key that can sign.
> Many security protocol designers think that it is a bad idea to use
> a single key for both privacy (encryption) and integrity
> (signatures). In fact, this was one of the motivating forces behind
> the V4 key format with separate signature and encryption keys. If
> you as an implementor promote dual-use keys, you should at least be
> aware of this controversy.
< could leak the secret key.
> could leak the secret key. These same considerations about the
> quality of the hash algorithm apply to Elgamal signatures.
< * PGP 5.0 can read an RSA key in V4 format, but will only
< recognize it using V3 format.
> * PGP 5.0 can read an RSA key in V4 format, but can only recognize
> it with a V3 keyid, and can properly use only a V3 format RSA
< * PGP 2.6.x and PGP 5.0 sometimes add to the beginning of a file a
< zero-length compressed data packet.