Page MenuHome GnuPG

DemiMarie (Demi Marie Obenour)
User

Projects

User does not belong to any projects.

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Thursday

  • Clear sailing ahead.

User Details

User Since
May 8 2022, 2:50 AM (8 w, 2 d)
Availability
Available

Recent Activity

Mon, Jun 20

DemiMarie abandoned D555: g10: Disallow compressed signatures and certificates.

Closing in favor of D556.

Mon, Jun 20, 6:41 PM · gnupg
DemiMarie updated the diff for D556: Disallow compressed signatures and certificates.

When failing due to a bad packet in a detached signature, log the
packet's type.

Mon, Jun 20, 6:40 PM
DemiMarie requested review of D556: Disallow compressed signatures and certificates.
Mon, Jun 20, 6:32 PM
DemiMarie added a revision to T5993: gpg should reject compressed packets outside of messages: D556: Disallow compressed signatures and certificates.
Mon, Jun 20, 6:32 PM · Feature Request, gnupg

Sat, Jun 18

DemiMarie edited reviewers for D555: g10: Disallow compressed signatures and certificates, added: gniibe; removed: sergei, gp_ast.
Sat, Jun 18, 1:38 AM · gnupg
DemiMarie added reviewers for D555: g10: Disallow compressed signatures and certificates: sergei, gp_ast.
Sat, Jun 18, 1:35 AM · gnupg
DemiMarie removed a reviewer for D555: g10: Disallow compressed signatures and certificates: werner.
Sat, Jun 18, 1:34 AM · gnupg

Fri, Jun 17

DemiMarie updated the summary of D555: g10: Disallow compressed signatures and certificates.
Fri, Jun 17, 8:37 PM · gnupg
DemiMarie added a comment to D555: g10: Disallow compressed signatures and certificates.

Compressed packets in detached signatures and/or certificates have never been permitted by any version of the standard.

Fri, Jun 17, 8:36 PM · gnupg
DemiMarie updated subscribers of D555: g10: Disallow compressed signatures and certificates.
In D555#5569, @werner wrote:

Sorry, there is no padding packet in OpenPGP. Please do no try to push ideas from that crypto-refresh-06 thing into GnuPG. We continue to follow the last draft with consesus, which is rfc4880bis-10.

Fri, Jun 17, 8:26 PM · gnupg
DemiMarie updated the diff for D555: g10: Disallow compressed signatures and certificates.
Fri, Jun 17, 8:21 PM · gnupg

Thu, Jun 16

DemiMarie added a comment to T6031: Creating an overlong notation hits a fatal error..

{please add comments instead of adding the description - a changed description makes it hard to understand follow up comments. I will change the title, though for clarity.]

Thu, Jun 16, 7:19 PM · Bug Report, gnupg
DemiMarie edited projects for D555: g10: Disallow compressed signatures and certificates, added: gnupg; removed g10.
Thu, Jun 16, 6:53 PM · gnupg
DemiMarie added a task to D555: g10: Disallow compressed signatures and certificates: T5993: gpg should reject compressed packets outside of messages.
Thu, Jun 16, 6:53 PM · gnupg
DemiMarie added a revision to T5993: gpg should reject compressed packets outside of messages: D555: g10: Disallow compressed signatures and certificates.
Thu, Jun 16, 6:53 PM · Feature Request, gnupg
DemiMarie retitled D555: g10: Disallow compressed signatures and certificates from Disallow compressed signatures and certificates to g10: Disallow compressed signatures and certificates.
Thu, Jun 16, 6:53 PM · gnupg
DemiMarie raised the priority of T6021: GPG misparses `--list-options=show-sig-subpackets="100"a` from Low to Needs Triage.
Thu, Jun 16, 6:52 PM · g10, Bug Report
DemiMarie added a comment to T6032: Assertion failure in gpg.

I will try, but it will likely be a while. In any case I believe you will need a Red Hat-family distro to trigger the bug; it happens when gpg trys to encrypt with a key that uses a public key algorithm libgcrypt does not support.

Thu, Jun 16, 6:42 PM · RHEL, g10, Bug Report
DemiMarie reopened T6021: GPG misparses `--list-options=show-sig-subpackets="100"a` as "Open".

Reopening as it appears this issue was closed based on an incorrect understanding of what it is.

Thu, Jun 16, 3:20 PM · g10, Bug Report
DemiMarie reopened T6032: Assertion failure in gpg as "Open".

Reopening as gpg’s handling of the situation is very much suboptimal.

Thu, Jun 16, 3:19 PM · RHEL, g10, Bug Report
DemiMarie closed T6032: Assertion failure in gpg as Invalid.

Closing as I believe this is a downstream bug.

Thu, Jun 16, 12:26 AM · RHEL, g10, Bug Report
DemiMarie updated the task description for T6031: Creating an overlong notation hits a fatal error..
Thu, Jun 16, 12:03 AM · Bug Report, gnupg

Wed, Jun 15

DemiMarie created T6032: Assertion failure in gpg.
Wed, Jun 15, 11:34 PM · RHEL, g10, Bug Report
DemiMarie created T6031: Creating an overlong notation hits a fatal error..
Wed, Jun 15, 9:46 PM · Bug Report, gnupg

Mon, Jun 13

DemiMarie created T6029: ntbtls: Require TLS 1.2 or later + AEAD by default.
Mon, Jun 13, 11:21 PM · ntbtls
DemiMarie created T6028: gpgme should support creating clearsigned messages.
Mon, Jun 13, 5:52 PM · Feature Request, gpgme

Fri, Jun 10

DemiMarie added a comment to T6021: GPG misparses `--list-options=show-sig-subpackets="100"a`.

The quotes are irrelevant because they are evaluated by the shell and don't make a difference here.

Fri, Jun 10, 11:59 PM · g10, Bug Report
DemiMarie added a reviewer for D555: g10: Disallow compressed signatures and certificates: werner.
Fri, Jun 10, 9:44 PM · gnupg
DemiMarie updated the diff for D555: g10: Disallow compressed signatures and certificates.

Added missing context lines and replaced some tabs with spaces

Fri, Jun 10, 9:42 PM · gnupg
DemiMarie requested review of D555: g10: Disallow compressed signatures and certificates.
Fri, Jun 10, 9:01 PM · gnupg
DemiMarie created T6025: '--list-options=show-sig-subpackets="100"a` mishandled.
Fri, Jun 10, 10:26 AM
DemiMarie added a comment to T6021: GPG misparses `--list-options=show-sig-subpackets="100"a`.

For clarification, the strings I have provided are raw argv elements as would be passed to execve(), with quoting already removed.

Fri, Jun 10, 10:24 AM · g10, Bug Report
DemiMarie renamed T6024: gpg-agent segfaults if it receives an invalid response to a KEYPARAM inquire from gpg-agent segfaults if it receives an invalid response to a KEYPARAMS inquire to gpg-agent segfaults if it receives an invalid response to a KEYPARAM inquire.
Fri, Jun 10, 10:21 AM · can't replicate, gnupg
DemiMarie created T6024: gpg-agent segfaults if it receives an invalid response to a KEYPARAM inquire.
Fri, Jun 10, 4:14 AM · can't replicate, gnupg
DemiMarie added a comment to T6021: GPG misparses `--list-options=show-sig-subpackets="100"a`.

I am using GnuPG 2.3.4 on Fedora Linux. I am referring to --list-options=show-sig-subpackets="100"a (note the quotes). The bug is that the character after the trailing close quote is ignored, rather than being treated as an invalid option and causing an error. That is, I would expect show-sig-subpackets="100"a to be parsed as show-sig-subpackets="100",a or be an error.

Fri, Jun 10, 4:10 AM · g10, Bug Report
DemiMarie added a comment to T6022: Socket activation for keyboxd and scdaemon.

gpg-agent --supervised being deprecated is highly surprising, especially because it works so well with systemd.

Fri, Jun 10, 4:02 AM · Feature Request

Thu, Jun 9

DemiMarie created T6022: Socket activation for keyboxd and scdaemon.
Thu, Jun 9, 8:56 AM · Feature Request
DemiMarie created T6021: GPG misparses `--list-options=show-sig-subpackets="100"a`.
Thu, Jun 9, 8:53 AM · g10, Bug Report

May 23 2022

DemiMarie added a comment to T5975: Allow signature verification using specific RSA keys <2k in FIPS mode.

I can imagine thar there are use cases for this. Thus I see no problems for the first part.

The second part is imho not a good idea. Libgcrypt is a building block for all kind of software and there are for sure legitimate reasons to use rsa512 (MCUs, short living keys, etc). Thus I think that the decision on the key size should be done by the software using libgcrypt.

May 23 2022, 5:56 PM · Testing, patch, libgcrypt, FIPS, Feature Request
DemiMarie created T6001: Drop compression support in ntbtls.
May 23 2022, 5:52 PM · ntbtls
DemiMarie created T6000: GnuPG considers certain invalid UTF-8 to be valid.
May 23 2022, 5:42 PM
DemiMarie created T5999: Provide an ASCII-output-only mode.
May 23 2022, 5:40 PM

May 22 2022

DemiMarie added a comment to T5993: gpg should reject compressed packets outside of messages.

I would be okay with GnuPG ignoring such packets, but I do not want verifying a signature or importing a key to activate the decompression code and its associated attack surface.

May 22 2022, 8:57 PM · Feature Request, gnupg
DemiMarie added a comment to T5993: gpg should reject compressed packets outside of messages.

This specificiation is a draft which has not even been discussed in the WG. In any case gpg won't implement this because it would break processing of existing data.

May 22 2022, 8:56 PM · Feature Request, gnupg
DemiMarie created T5994: LC_ALL=C gpg should produce ASCII-only output.
May 22 2022, 12:42 AM · gnupg
DemiMarie created T5993: gpg should reject compressed packets outside of messages.
May 22 2022, 12:20 AM · Feature Request, gnupg
DemiMarie created T5992: gpg should reject compressed packets outside of messages.
May 22 2022, 12:19 AM · Duplicate