tzeruch(_at_)ceddec(_dot_)com writes:
Actually I would dump 1-pass signatures.
The way I would implement multiple signatures is to use one of the
subpackets to indicate nesting in the existing signature structure.
The purpose of the 1-pass signature packets is not primarily to provide
multiple signature capability. The main purpose is to allow the signer
to process the entire message in one pass.
With old-style signatures, the signature has to go at the front of
the message. But the signer can't create the signature until he has
processed the whole message. So he then has to go back and stick the
signature back at the front of the message, which requires some buffering
and re-scanning of the data.
With the 1-pass signature, the signer puts the 1-pass packet at the
front to tell the verifier what hash to use, then comes the message,
and then comes the signature. This is a much more natural flow for all
parties.
PGP 2.X creates many temp files to deal with the buffering needed by the
signature structure, and the need to know all packet lengths in advance.
The one-pass signature packets and partial packet length specifiers are
designed to allow processing messages without any temporary files, which
enhances security and performance.
Hal