Re: [openpgp] respecting key flags for decryption

Peter Gutmann <> Thu, 08 November 2018 22:31 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B9B9D130DF9 for <>; Thu, 8 Nov 2018 14:31:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id VZn_d3J6iza4 for <>; Thu, 8 Nov 2018 14:31:53 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id BF0D3130EC0 for <>; Thu, 8 Nov 2018 14:31:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;;; q=dns/txt; s=mail; t=1541716312; x=1573252312; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=XzoVFMGla0+SwUNHV0KiGd4q7CbhS92A8bX/1q0woPU=; b=X3zMz1HalE+y6oiYQ4QtLCACKLTEQxbCLuIdza3bUl10sXGM9LVMO+PU 3WIdGcy3KreP/3MCVfuObL5iBubK39LtjcdWMJ4PRNQv/f9eU8SzP4IjX z1rUFGjyKYteFE2i4nuTwDyUjwWV2vzlqpsFjb6yscBsMBS3aHykFBpRx MKXBNxz+6S49CC+rD2LQmpqPTwPug9h5mRZaDgtvvvigJyf1wE44qD7o2 iIyP9s5g3qSuvbswR9DOVudvZao+RWZdHH1MP87S7LojCwpDi/pO39FFM Ungg/yEqevvBiqwVlpO9UUxktUw2FVHtduen1QsYoyTi4kROnAmaU/zwj Q==;
X-IronPort-AV: E=Sophos;i="5.54,481,1534766400"; d="scan'208";a="38857997"
X-Ironport-Source: - Outgoing - Outgoing
Received: from (HELO ([]) by with ESMTP/TLS/AES256-SHA; 09 Nov 2018 11:31:51 +1300
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1395.4; Fri, 9 Nov 2018 11:31:50 +1300
Received: from ([]) by ([]) with mapi id 15.00.1395.000; Fri, 9 Nov 2018 11:31:50 +1300
From: Peter Gutmann <>
To: Vincent Breitmoser <>, Jon Callas <>
CC: "" <>
Thread-Topic: [openpgp] respecting key flags for decryption
Thread-Index: AQHUdq6nvTjqM1Dj2EWug5wDrVC4uKVEBl6AgADdrgCAAZQk6A==
Date: Thu, 8 Nov 2018 22:31:50 +0000
Message-ID: <>
References: <> <>, <>
In-Reply-To: <>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: []
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [openpgp] respecting key flags for decryption
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 08 Nov 2018 22:31:55 -0000

Vincent Breitmoser <>; writes:

>The reason this happened, I strongly suspect, is exactly because they treated
>GnuPG as a reference implementation: they tested that it worked against GnuPG
>(or some frontend), found it worked in practice (without even a warning), and
>then left it at that.

This is a problem with several protocols where there's a single widely-used
implementation.  It also affects SSH, a standards-conformant implementation
isn't something that follows RFC 4251-4, it's something that you can connect
to with Putty (server) or that connects to OpenSSH (client).  That really is
the conformance-test for SSH, "we can connect to it with Putty, it's now
complete and fully standards-compliant".

Maybe all of these unofficial reference implementations need a strict-checking
mode for when they're being (incorrectly) used as reference implementations...