-----BEGIN PGP SIGNED MESSAGE-----
In <98Jul23(_dot_)200511edt(_dot_)43010(_at_)brickwall(_dot_)ceddec(_dot_)com>,
on 07/23/98
at 07:07 PM, dontspam-tzeruch(_at_)ceddec(_dot_)com said:
Would it be ambiguous if a false keyid appeared in the unhashed section?
If one did appear, but was fake, do you say the signature is actually bad
when the hash corresponds (first two octets), and matches another key on
your ring?
Well unless you check every public key in the users keyring you would
never know if another key would verify the signature or not. Since it is
doubtful that anyone is going to do this in their implementations I would
have to say if it has a fake keyID in the sig the sig is to be considered
invalid.
- --
- ---------------------------------------------------------------
William H. Geiger III http://users.invweb.net/~whgiii
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://users.invweb.net/~whgiii/pgp.html
- ---------------------------------------------------------------
Tag-O-Matic: Double your drive space! Delete Windows!
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a-sha1
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000
iQCVAwUBNbh6Xo9Co1n+aLhhAQGsegP8DJQVlD42eUouZylYZjzrh01LC/yJBcSa
I5Eonb5NSFOSHwvQnh91gFD2+Gu6HeC67E6gUTg1gYj4Gf8QwwG40ko6GpLoJKzp
4yjJEc4Dgct6DU3EvZyirrT3nssFKl2TZ/rcqL0M0pTdXFNH+b6ta2uaEpa+Mo1M
niZF23dPRK8=
=OkuT
-----END PGP SIGNATURE-----