diff options
author | Nick Mathewson <nickm@torproject.org> | 2008-11-30 06:49:10 +0000 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2008-11-30 06:49:10 +0000 |
commit | 36d91991e3e4dd00051aaa4c92a3dae8fabcec39 (patch) | |
tree | c5b953e3674f0dda07697e94dd61c9cb6b27fd9a | |
parent | d124ec5255713e40b5f325c614ad9fdb7f26ff28 (diff) |
explain a bit better about why GPG signature checking in thandy is not going to happen.
git-svn-id: file:///home/or/svnrepo/updater/trunk@17417 55e972cd-5a19-0410-ae62-a4d7a52db4cd
-rw-r--r-- | specs/thandy-spec.txt | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/specs/thandy-spec.txt b/specs/thandy-spec.txt index ca3f5c8..3726c94 100644 --- a/specs/thandy-spec.txt +++ b/specs/thandy-spec.txt @@ -739,7 +739,10 @@ R.1. Considering recommended versions from Tor consensus directory documents R.2. Integration with existing GPG signatures - The OpenPGP signature and key format is so complicated that you'd - have to be mad to touch it. + The OpenPGP signature and key format is so complicated that you'd have + to be mad to try to read it yourself. (Check out RFC2440 for + information about how bad it is in theory; in practice, it's worse.) + Therefore, if we wanted to check OpenPGP signatures, we would + basically have to bundle GPG. |