ietf-822
[Top] [All Lists]

Re: Draft for signed headers

1999-03-18 10:10:15
In <19990317090043(_dot_)36237(_at_)main(_dot_)templetons(_dot_)com> Brad 
Templeton <brad(_at_)templetons(_dot_)com> writes:

On Wed, Mar 17, 1999 at 11:54:40AM -0500, 
Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:

There is no need to "sign" a "signed" header.   Can you tell me why you
would want to do this?   A "signed" header (and any certificate) is
verifiable on its own when paired with the signed headers and body.  I


No, the standard proposed a complex mechanism of self-signing parts of
the signed header (a canonicalized expansion of the header list, and
all the other parts except the signature)

There is an example in my Draft of a Signed header that is itself signed.
I think it was a realistic case, though I agree it will not be common.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Email:     chl(_at_)clw(_dot_)cs(_dot_)man(_dot_)ac(_dot_)uk  Web:   
http://www.cs.man.ac.uk/~chl
Voice/Fax: +44 161 437 4506      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9     Fingerprint: 73 6D C2 51 93 A0 01 E7  65 E8 64 7E 14 A4 AB A5

<Prev in Thread] Current Thread [Next in Thread>