ietf-openpgp

Re: One-pass signatures

1998-07-26 18:03:30
G'day all.

dontspam-tzeruch(_at_)ceddec(_dot_)com wrote:

> So what you are saying is that:
>
>    One-Pass Signed Message :- One-Pass Signature Packet,
>                OpenPGP Message, Signature Packet.
>
> doesn't imply that the One-Pass Signature Packet which prefixes the
> message MUST correspond to the Signature Packet which comes after the
> message.

It does suggest to me that my implementation MUST accept such messages,
but it doesn't imply that I MUST produce such messages, no.  The
obvious (for some definition of "obvious") way to produce one-pass
signatures is to produce one-pass signature packets by iterating over
some sequence, processing the data, then producing the signature packets
in the same order by a similar iteration.  The temptation is too great
to hope that people will simply get the hint.  :-)

Actually, come to think of it, it does remind me of a programming
language construct from the distant past: multiple assignment.
Some older languages allowed you to write things like:

        (a,b,c) := (1,2,3);

which was understood to mean:

        a := 1;
        b := 2;
        c := 3;

The only way you can express the constraint that the size of the tuple
on the LHS is the same as the size of the tuple on the RHS as part of
a context-free grammar is to use something like this:

        Assignment ::= '(', Multiple Assignment, ')'.

        Multiple Assignment ::= Variable, Multiple Assignment, Expression
                | ')' ':=' '('.

Note that the Variable and the Expression don't correspond here.

> Would this be better:
>
>    One-Pass Signed Message :- One-Pass Signature Packet,
>                OpenPGP Message, Corresponding Signature Packet.

That would clear things up with the minimum of text, yes.

Cheers,
Andrew Bromage
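
The correspondence that the revised grammar asks for can be checked mechanically. The following is an added example, not part of the original message or of any OpenPGP implementation: it models packets as (kind, key ID) tuples, treats the inner OpenPGP Message as a single literal packet, and assumes "corresponding" means equal key IDs. It shows that the recursive rule accepts nested output and rejects signature packets emitted in the same order as the one-pass packets.

```python
# Added illustration. Packet tuples and key IDs are constructed samples.
# Assumption: a signature "corresponds" to a one-pass packet when key IDs match.

def corresponds(packets):
    """Return True if packets match the recursive rule
         Message :- OPS, Message, Corresponding SIG | LIT
    """
    pending = []           # key IDs of one-pass packets still awaiting a signature
    seen_literal = False
    for kind, key_id in packets:
        if kind == "OPS":
            if seen_literal:
                return False       # one-pass packets must prefix the message
            pending.append(key_id)
        elif kind == "LIT":
            if seen_literal:
                return False       # exactly one innermost message in this model
            seen_literal = True
        elif kind == "SIG":
            if not seen_literal or not pending:
                return False       # signature with nothing to close
            if pending.pop() != key_id:
                return False       # closes the wrong one-pass packet
        else:
            return False           # unknown packet kind
    return seen_literal and not pending

# Nested, as the recursive grammar generates it: last OPS closes first.
NESTED = [("OPS", "A"), ("OPS", "B"), ("LIT", None), ("SIG", "B"), ("SIG", "A")]
# Signatures produced "in the same order by a similar iteration".
SAME_ORDER = [("OPS", "A"), ("OPS", "B"), ("LIT", None), ("SIG", "A"), ("SIG", "B")]
# A one-pass packet that never gets its signature.
DANGLING = [("OPS", "A"), ("LIT", None)]

if __name__ == "__main__":
    for name, seq in [("nested", NESTED), ("same order", SAME_ORDER),
                      ("dangling", DANGLING)]:
        print(name, corresponds(seq))
```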