Open dkg opened 2 months ago
Hi, thanks for letting us know. Yeah, here by default we reject unknown subpacket and signature which includes it, being stricter by default. However user may ignore this error via the CLI (or FFI for API user).
Why is the subpacket type 37 marked as critical? If you want it to be ignored by implementations that don't understand it, shouldn't it be marked non-critical?
The subpacket is marked as critical because if you don't understand that kind of subpacket, you should not be accepting that kind of signature.
But, if you ignore this signature (or treat it as invalid), the remaining certificate is still just fine. Rejecting the whole certificate because one signature in it is invalid -- even though you would have accepted the entire certificate had that signature not been there -- this is what makes the implementation unnecessarily brittle. And that brittleness makes it harder to improve the ecosystem as a whole, because implementations (including RNP!) can't deploy newer parts of OpenPGP without worrying that old versions of RNP will choke when they see these things.
This OpenPGP certificate contains a "1st party approved 3rd party certifications" (1pa3pc) signature over its User ID:
When i try to import it with
rnpkeys
, i get a failure:If i try to import it without the 1pa3pc selfsig,
rnpkeys
imports it just fine. Likewise, if i import it withrnpkeys --import --permissive test.cert
it alsornpkeys
being brittle here presents a challenge to the whole ecosystem for deploying any new kind of signature or subpacket.I think this is related to #2204 -- it is almost certainly a similar policy issue.