Hal writes:
There is no plan to add MAC or other lightweight signatures to PGP 6.0.
That may go into a future version.
Thanks for the clarification.
I will make a proposal on how I think it ought to be done, for when it
gets done, along the lines of Tom Zerucha's thoughts.
Then I will examine the current draft and suggest any wording (if any)
that needs to be added to the current draft to ensure that openPGP-1.0
implementations won't get upset when they see such a packet.
The most important aspect of this, as Tom suggested, is that
openPGP-1.0 should gracefully cope with this (and other similar)
unknown signature packets, by still emitting plaintext.
I suggest that we consider reserving a packet number for MDC/Integrity
check purposes.
I won't be able to do this until monday, because I am off early am to
CEN/TC251 meetings in France.
I hope this won't be too late for consideration. If anyone would like
to do this exercise before monday feel free to take the baton.
Part of this process if there is time could be one of the implementors
adding this, and running the results through the other implementations
to see what they currently do. (sigsegv? refuse to emit plaintext? or
work already).
(I suggest a new signature type, and use of HMAC-HASH( HASH(
session-key ), message ) as the MDC. For testing purposes a message
digest would do to see what other implementations think of it.)
Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U(_at_){$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`