ProtonMail / go-crypto

Fork of go/x/crypto, providing an up-to-date OpenPGP implementation
https://pkg.go.dev/github.com/ProtonMail/go-crypto
BSD 3-Clause "New" or "Revised" License
334 stars 101 forks source link

Remove HashTag check as it is not universally observed #110

Closed andrewgdotcom closed 1 year ago

andrewgdotcom commented 2 years ago

closes #107

twiss commented 2 years ago

Thanks for the PR! If you don't mind I'll hold off on this until there's some consensus on the WG list, since it seemed we don't really have one yet, and e.g. Paul Schaub wrote that he would look into adding it to BouncyCastle (or PGPainless, presumably) instead. I'll follow up on the mailing list as well.

harrycguo commented 2 years ago

@twiss Hi! Is there an update on the status of this PR?

twiss commented 2 years ago

Hey :wave: At IETF 114, there was a poll about this issue, as documented here:

"should we state that implementations MUST reject signatures (v4 or v5) with incorrect signature checksums?" this was supported by 9 and opposed by 1

So, it seems the consensus is in favor of keeping this check. Of course, it can be discussed further on the mailing list, but if consensus stays that way, I think it's unlikely we'll merge this, tbh.

harrycguo commented 2 years ago

Got it, thank you so much for the answer and linking the discussion!

andrewgdotcom commented 1 year ago

I'll close this and open a new one with a different approach, it will share no commits with this one so better to start clean.

andrewgdotcom commented 1 year ago

New PR is #165