Mailing List Archive

On 18/02/2020 07:31, NIIBE Yutaka wrote:
> OpenPGP has support of regular expression with trust Signature packets.
>
> GnuPG 2.x only supports the feature when it can find regcomp/regexec
> routines in system library. On Windows, it is not supported.

Isn't this a case of pathological featuritis? If nobody has screamed
about the inconsistencies so far, it's a pretty good sign that nobody
has any use for it. Burn it.

--
Andrew Gallagher

On 2/18/20 10:09 AM, Andrew Gallagher wrote:
> On 18/02/2020 07:31, NIIBE Yutaka wrote:
>> OpenPGP has support of regular expression with trust Signature packets.
>>
>> GnuPG 2.x only supports the feature when it can find regcomp/regexec
>> routines in system library. On Windows, it is not supported.
>
> Isn't this a case of pathological featuritis? If nobody has screamed
> about the inconsistencies so far, it's a pretty good sign that nobody
> has any use for it. Burn it.

I've been working on tooling to help organizations set up signatures
between keys so they can more easily use the web of trust.
In this context, I plan to use Regular Expression (5.2.3.14) packets.

While testing, I recently stumbled over the problem that Windows builds
of GnuPG don't support this part of the RFC.
So Niibe's work on this would be very beneficial for me.

Regards,
Heiko

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

On 18/02/2020 11:58, Heiko Schaefer wrote:
> So Niibe's work on this would be very beneficial for me.

I stand corrected. :-)

--
Andrew Gallagher

Hi all--

On Tue 2020-02-18 12:58:21 +0100, Heiko Schaefer via Gnupg-devel wrote:
> I've been working on tooling to help organizations set up signatures
> between keys so they can more easily use the web of trust.
> In this context, I plan to use Regular Expression (5.2.3.14) packets.

Heiko, it might be useful to point the list toward any documentation you
have about how you intend to use regular expressions in the context of
organization-based identity certification.

There has been a series of problems with the GnuPG implementation of
regexps even on those platforms where some portion of regex is
implemented, iirc.

Knowing which corners of regex (a complicated spec in itself!) are
actively supported would be pretty useful.

--dkg

> On Tue 2020-02-18 12:58:21 +0100, Heiko Schaefer via Gnupg-devel wrote:
>> I've been working on tooling to help organizations set up signatures
>> between keys so they can more easily use the web of trust.
>> In this context, I plan to use Regular Expression (5.2.3.14) packets.
>
> Heiko, it might be useful to point the list toward any documentation you
> have about how you intend to use regular expressions in the context of
> organization-based identity certification.
>
> There has been a series of problems with the GnuPG implementation of
> regexps even on those platforms where some portion of regex is
> implemented, iirc.
>
> Knowing which corners of regex (a complicated spec in itself!) are
> actively supported would be pretty useful.

Right now I'm using exactly the form of regex that is documented here:

https://dev.gnupg.org/source/gnupg/browse/master/g10/trustdb.c;59d49e4a0ac2ed27803507cb7d2c6af166527bd5%241524


So, for my use-case it would be sufficient to have working regexes of
the following type on all platforms:

"<[^>]+[@.]example\.com>$"


(I've verified that the GnuPG build on Debian works as expected for my
use-case with this type of regex)

Heiko

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

On Wed, 19 Feb 2020 16:32, Daniel Kahn Gillmor said:

> There has been a series of problems with the GnuPG implementation of
> regexps even on those platforms where some portion of regex is
> implemented, iirc.

Indeed we have had some problems with that due to our use of non-rfc4880
compliant regex libraries and different assumptions on which regexp are
to be used. OpenPGP states:

The regular expression uses the same syntax as the Henry Spencer's
"almost public domain" regular expression [REGEX] package. A
description of the syntax is found in Section 8 below.

I doubt that anyone fully checked Henry Spencer's code against the
description in section 8 or even against one of the larger regexp
implementations. GnuPG stepped things mostly aside by not allowing to
enter arbitrary regexps.

Aside of OpenPGP GnuPG has the small helper gpg-check-pattern to reject
common patterns as password. There we define regexp as

/* The pattern is an extended regular expression. */

but I think that it would be okay to use the Spencer code here as well.
The sample file list just two examples

# German number plates.
/^[A-Z]{1,3}[ ]*-[ ]*[A-Z]{1,2}[ ]*[0-9]+/

# Dates (very limited, only ISO dates). */
/^[012][0-9][0-9][0-9]-[012][0-9]-[0123][0-9]$/

which is vanilla extend r.e.



Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.