Strictly validate CSF message structure to mitigate fuzzy Armor Headers

Daniel Kahn Gillmor requested to merge dkg/deprecate-csf into main

This change is intended as an alternative to !337 (closed). It deliberately does not further deprecate CSF, but rather requires implementations to be as strict as possible about CSF structure (in particular, the armor headers present at the top of the message), to reduce the risk of deliberate semantic confusion via unspecified armor headers.
