Interpretation 1 1{2,3{lit}3,2}1, i.e. sigs in reverse order of 1pass
headers is the proper one. Someone check the syntax again.
The nesting is important. For a one-pass implementation, it makes it hard
if you have to check every onepass to see if it was NESTED - see the
discussion of the nested octed in 1pass sig header packets. That is the
major headache since only nonnested signatures could be moved around
anyway. The moment the signatures are nested (i.e this signature includes
the following one-pass packet through the signature at the end), order is
critical.
Syntactically, it is similar to a do { ... } while(...); in C - the do
says to look for a while.
And if you do a onepass implementation like I do (the whole reason for
having 1pass sig headers), it works better if you can create a stack and
simply note the nesting level, then pop each context off the stack as its
corresponding signature appears.
Further, you might have to test more than one signature - keyids aren't
guarnteed to be unique.
--- reply to tzeruch - at - ceddec - dot - com ---