* g10.c (add_notation_data): Disallow notation names that do not contain a

'@', unless --expert is set.  This is to help prevent people from
polluting the (as yet unused) IETF namespace.

* main.h: Comments about default algorithms.

* photoid.c (image_type_to_string): Comments about 3-letter file
extensions.

1 files changed, 21 insertions, 4 deletions

diff --git a/g10/g10.c b/g10/g10.c
index b6154dd14..3fa6547bf 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -2812,6 +2812,7 @@ add_notation_data( const char *string, int which )
     STRLIST sl,*notation_data;
     int critical=0;
     int highbit=0;
+    int saw_at=0;
 
     if(which)
       notation_data=&opt.cert_notation_data;
@@ -2823,13 +2824,29 @@ add_notation_data( const char *string, int which )
 	string++;
     }
 
-    for( s=string ; *s != '='; s++ ) {
-	if( !*s || (*s & 0x80) || (!isgraph(*s) && !isspace(*s)) ) {
+    /* If and when the IETF assigns some official name tags, we'll
+       have to add them here. */
+
+    for( s=string ; *s != '='; s++ )
+      {
+	if( *s=='@')
+	  saw_at=0;
+
+	if( !*s || (*s & 0x80) || (!isgraph(*s) && !isspace(*s)) )
+	  {
 	    log_error(_("a notation name must have only printable characters "
 			"or spaces, and end with an '='\n") );
 	    return;
-	}
-    }
+	  }
+      }
+
+    if(!saw_at && !opt.expert)
+      {
+	log_error(
+	        _("a user notation name must contain the '@' character\n"));
+	return;
+      }
+
     /* we only support printable text - therefore we enforce the use
      * of only printable characters (an empty value is valid) */
     for( s++; *s ; s++ ) {