[Top] [All Lists]

Re: new approach to MDCs: single shared private key

1999-04-21 12:50:13
At 2:07 PM +0100 1999-04-21, Adam Back wrote:
- PRZ identified the problem that even with signed messages often the
public key is not present to verify them, so integrity is not assured.
With openPGP and pgp(5|6).x where multiple signatures can be applied,
the document could be signed by both the fixed published RSA key, and
the user's private RSA key.            [...]


The parallel signature extension I've added to the forthcoming
OpenPGP/MIME draft will make this very easy for MIME-compliant
mailers. Thomas Roessler and I are hoping to have the draft ready for
the Oslo IETF in July, and we'll have it up on the list for dsicussion
fairly soon.


An excerpt:
................................. cut here .................................
8.  Parallel (Multiple) Signatures

   Digitally signed messages conforming to this document are denoted by
   the "multipart/signed" content type, defined in RFC 1847, with a
   "protocol" parameter which MUST have a value of "multipart/mixed".
   (MUST be quoted).

   The "micalg" parameter MUST contain a comma-separated list of hash-
   symbols.  These hash-symbols identify the message integrity check
   (MIC) algorithm(s) used to generate the subsequent signature(s).
   Hash-symbols MUST NOT occur more than once in this list.

   The multipart/signed body MUST consist of exactly two parts.  The
   first part contains the signed data in MIME canonical format,
   including a set of appropriate content headers describing the data.

   The second part MUST be of type "multipart/mixed".  Each sub-part
   represents an individual digital signature which has been formed
   according to RFC 1847 and the specification of the signature protocol

   Example message:

        From: Dave Del Torto <ddt(_at_)pgp(_dot_)com>
        To: Raph Levien <raph(_at_)acm(_dot_)org>
        Mime-Version: 1.0
        Content-Type: multipart/signed; protocol="multipart/mixed";
           boundary=0000_031; micalg="pgp-md5,pgp-sha1,rsa-md5"

        Content-Type: text/plain

        Hi Raph,

        Here's some text with parallel (multiple) digital signatures
        in various formats.


        "All email luxuriantly hand-crafted using only the finest ASCII text."

        Content-Type: multipart/mixed; boundary=0000_032

        Content-Type: application/pgp-signature

        -----BEGIN PGP SIGNATURE-----
        Version: PGP 2.6.2
        Comment: Hash computed using MD5 micalg.

        -----END PGP SIGNATURE-----

        Content-Type: application/pgp-signature

        -----BEGIN PGP SIGNATURE-----
        Version: PGP for Personal Privacy 5.0
        Comment: Hash computed using SHA-1 micalg (FIPS 180-1).

        -----END PGP SIGNATURE-----

        Content-Type: application/x-pkcs7-signature
        Content-Transfer-Encoding: base64
        Comment: Hash computed using S/MIME MD5 micalg.

         [ciphertext elided]



<Prev in Thread] Current Thread [Next in Thread>