ietf-openpgp
[Top] [All Lists]

Re: Some suggestions

1998-04-30 16:59:28
At 02:57 PM 4/28/98 +0200, Werner Koch wrote:

    1) The comment packets are gone.
       Ooops.  How can write code when the specification is changed at 
       will.  I was lucky to find a solution for the moved comment packet
       number from 14 to 16 - and now there is no comment packet at all.
       So what shall I do?  Go back to RFC1991 or stay with comment packet
       of type 16?
   
       Comment packets are very useful:  I use them to store the factorization
       of the ElGamal prime (in case someone wants to check it), store
       a program version number to make debugging easier.  Another use is
       to transport additional informations to other programs in a pipeline.
   
       *Please put the comment packets back into OpenPGP*

The comment packet is gone at the area director's request. The uses you
give for it are good ones, but other protocols with similar features have
also had them removed. However, if you want to carry meta-data in a
pipeline, there's no reason why you can't use packets 60-63 for this. They
are specifically reserved for private or experimental use. 
   
    3) 4 new signature classes 0x14 to 0x17
       which are like 0x10..0x13 but do a hash over all preceding
       user id packets.  This has the advantage of keeping a public
       key certificate small but a signator is still able to sign
       more than one user-id.

    4) A signature class which can used to sign the complete
       public key certificate would be very nice - or is there
       already one which can be used for this purpose?
    
These are both good features for post-V1. Presently, the packets in a
certificate can be re-ordered. Not arbitrarily, but sigs under a given user
id can be reordered, and the user names themselves can be reordered.
Because of this, there's no way to specify what it means for a user id to
be preceding, or what order to hash the whole thing. I think this is a
wonderful use for the extension mechanism -- you could write into an
extension (notation) the values of the other user names you wanted to sign.

        Jon


   


-----
Jon Callas                                  jon(_at_)pgp(_dot_)com
CTO, Total Network Security                 4200 Bohannon Drive
Network Associates, Inc.                    Menlo Park, CA 94025
(650) 473-2860                              
Fingerprints: D1EC 3C51 FCB1 67F8 4345 4A04 7DF9 C2E6 F129 27A9 (DSS)
              665B 797F 37D1 C240 53AC 6D87 3A60 4628           (RSA)