xref: /netbsd-src/crypto/external/bsd/netpgp/dist/ref/draft-ietf-openpgp-rfc2440bis-12-comments.txt (revision 93bf6008f8b7982c1d1a9486e4a4a0e687fe36eb) 
13.2 (MPI) doesn't specify what the unused bits should be set
2  to. This may be deliberate but I think it should either say they MUST
3  be zero (which I prefer) or that their content is unspecified.
4
54.2 refers to Content Tags, but 4.3 calls them Packet Tags.
6
75.5.2 doesn't mention V2 keys.
8
9In section 9.1, Schneier is given as the reference for DSA - why not refer to FIPS 186-2, which is freely available? Or, indeed, HAC 11.5.1, available here: http://www.cacr.math.uwaterloo.ca/hac/about/chap11.pdf.
10
11Similarly 9.2, TripleDES (which, presumably is EDE 3DES - it'd be good
12to be specific) is on some FIPS document which I forget or in HAC
13chapter 7 (7.32 in 7.2.3 and 7.4.2).
14
15----
16
17In 5.2.1:
18
19"0x10: Generic certification of a User ID and Public Key packet."
20
21Does this mean that the signature is over the User ID packet and the Public Key packet, concatenated, in that order? Or what?
22
23Also, what on earth does:
24
25       Note that all PGP "key signatures" are this type of
26       certification.
27
28mean?
29
30In 5.2.2:
31
32   "The data being signed is hashed, and then the signature type and
33   creation time from the signature packet are hashed (5 additional
34   octets)."
35
36is unclear, suggest:
37
38"The concatenation of the data to be signed, the signature type and
39creation time from the signature packet (5 additional octets) is hashed."
40
41In 5.9:
42
43   " - File name as a string (one-octet length, followed by file name),
44       if the encrypted data should be saved as a file."
45
46but no mention of what if it shouldn't be saved as a file. 0 length,
47perhaps?
48
49Then:
50
51   " - A four-octet number that indicates the modification date of the
52       file, or the creation time of the packet, or a zero that
53       indicates the present time."
54
55I would _guess_ that it means modification date of the file if there's
56a filename, the creation time if there isn't. I have no idea what zero
57is supposed to mean. Nothing, would be the obvious interpretation -
58"the present time" is nonsensical.
59
60Once more, when I know what its supposed to mean, I'll suggest
61wording.
62
63------
64
655.2.3.5 Issuer
66
67should be:
68
695.2.3.5 Issuer key ID
70
71A tiny point, I know, but it made it hard to find.
72
73Key algorithms ... these are used in various contexts, and there's a
74list in 9.1 - some of these are clearly unsuitable in some contexts -
75for example, one would not expect to see RSA Ecnrpyt-Only (3) in a
76signature. But I can't find any language saying anything about
77this. Are there any rules?
78
79