At 2:07 PM +0100 1999-04-21, Adam Back wrote:
[elided]
- PRZ identified the problem that even with signed messages often the
public key is not present to verify them, so integrity is not assured.
With openPGP and pgp(5|6).x where multiple signatures can be applied,
the document could be signed by both the fixed published RSA key, and
the user's private RSA key. [...]
Adam,
The parallel signature extension I've added to the forthcoming
OpenPGP/MIME draft will make this very easy for MIME-compliant
mailers. Thomas Roessler and I are hoping to have the draft ready for
the Oslo IETF in July, and we'll have it up on the list for dsicussion
fairly soon.
dave
An excerpt:
................................. cut here .................................
8. Parallel (Multiple) Signatures
Digitally signed messages conforming to this document are denoted by
the "multipart/signed" content type, defined in RFC 1847, with a
"protocol" parameter which MUST have a value of "multipart/mixed".
(MUST be quoted).
The "micalg" parameter MUST contain a comma-separated list of hash-
symbols. These hash-symbols identify the message integrity check
(MIC) algorithm(s) used to generate the subsequent signature(s).
Hash-symbols MUST NOT occur more than once in this list.
The multipart/signed body MUST consist of exactly two parts. The
first part contains the signed data in MIME canonical format,
including a set of appropriate content headers describing the data.
The second part MUST be of type "multipart/mixed". Each sub-part
represents an individual digital signature which has been formed
according to RFC 1847 and the specification of the signature protocol
used.
Example message:
From: Dave Del Torto <ddt(_at_)pgp(_dot_)com>
To: Raph Levien <raph(_at_)acm(_dot_)org>
Mime-Version: 1.0
Content-Type: multipart/signed; protocol="multipart/mixed";
boundary=0000_031; micalg="pgp-md5,pgp-sha1,rsa-md5"
--0000_031
Content-Type: text/plain
Hi Raph,
Here's some text with parallel (multiple) digital signatures
in various formats.
dave
______________________________________________________________________
"All email luxuriantly hand-crafted using only the finest ASCII text."
--0000_031
Content-Type: multipart/mixed; boundary=0000_032
--0000_032
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: PGP 2.6.2
Comment: Hash computed using MD5 micalg.
iQCVAwUBM0Iu16HBOF9KrwDlAQGaiQP9EU1YXgMSoNxDAqSmo7UoCE52DuYCfxm7
x8RfRr9+Xz3nPFytSYM2TIWGMeKi1fVr5PhfjdrKvOh9sCq97h6zndZVpGA9x62k
mPVn/QY3fz1eOdyJbYvW4ba7WQll5OoA6cqmEb9tWwh4ra4yE8hZMnLS9a0uPpuB
5dpiTTAE/gY=
=hD3D
-----END PGP SIGNATURE-----
--0000_032
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Comment: Hash computed using SHA-1 micalg (FIPS 180-1).
iQCVAwUBM0It9qHBOF9KrwDlAQFBaQQAisIzQUgyknT2v729b7MImcUc3ROdRBh6
nwMyAfdewQYCDxqdDWvnD1UWoUjwjA1JNA6qhTXBxs8yPtZdDZaguOG2zWawyat9
Jib556AuSx10psREDC3vNsaJ99MV8SKFF92H53l9w/YhVOA0aMZeNfLE0jJVypkY
/so4/7DHhqQ=
=/wlj
-----END PGP SIGNATURE-----
--0000_032
Content-Type: application/x-pkcs7-signature
Content-Transfer-Encoding: base64
Comment: Hash computed using S/MIME MD5 micalg.
MIAGCSqGSIb3DQEHAqCAMIACAQExDjAMBggqhkiG9w0CBQUAMIAGCSqGSIb3DQEH
[ciphertext elided]
+kNIWIbxNiNje1wlzIhaGjrGrOnvYc8+tFn2LgAAAAAAAAAA
--0000_032--
--0000_031--