search

ProtonMail / go-crypto

Fork of go/x/crypto, providing an up-to-date OpenPGP implementation
https://pkg.go.dev/github.com/ProtonMail/go-crypto
BSD 3-Clause "New" or "Revised" License
330 stars 100 forks source link

Optionally allow messages without MDC #130

Closed aksdb closed 1 year ago

aksdb commented 1 year ago

Here is my proposal on how to approach #129.

twiss commented 1 year ago

Sorry for the delay! This looks much better.

A few nitpicks: I would name the config option for example InsecureAllowUnauthenticatedMessages, that's a bit more descriptive (for those who don't know what an MDC is), and also makes it clear that the option is insecure. And then the function can just be AllowUnauthenticatedMessages, for example. And the error message could be changed to "Message is not authenticated" (as the "not supported" part is no longer really true after this PR).

aksdb commented 1 year ago

Sorry for the delay! This looks much better.

A few nitpicks: I would name the config option for example InsecureAllowUnauthenticatedMessages, that's a bit more descriptive (for those who don't know what an MDC is), and also makes it clear that the option is insecure. And then the function can just be AllowUnauthenticatedMessages, for example. And the error message could be changed to "Message is not authenticated" (as the "not supported" part is no longer really true after this PR).

Good points. Applied them all.