There a whole long annoying debates in AEAD proposal discussions about the exact right way to avoid exactly this property.
-
-
We may be in distinction-without-a-difference land here. If you’re arguing that nothing in the GPG stack should be using the interfaces they’re using, I don’t have a strong POV on that. Sorry if I’m being obstinate.
-
Yes, I'm saying clients should be using gpgme, it wraps all of this internal crazy stuff in a high-level, documented and supported api. If clients use the internal stuff directly anyway and then screw it up, I'm saying I don't see how that's a gpg vulnerability.
- 6 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
