In
<19990528123701(_dot_)A28938(_at_)frodo(_dot_)isil(_dot_)d(_dot_)shuttle(_dot_)de>,
on 05/28/99
at 05:37 AM, Werner Koch <wk(_at_)isil(_dot_)d(_dot_)shuttle(_dot_)de> said:
Werner Koch <wk(_at_)isil(_dot_)d(_dot_)shuttle(_dot_)de> writes:
However, the octet count for the [un]hashed subpackets is limited to
65535.
It just came to my mind, that large signature packets (currently they
have a limit of about 128k) do impose a problem:
It will then not be possible to keep the complete signature packet in
memory. Signatures may be (theoretical) very large - up to 4 Gigs and
due to this they have to be handled like plaintext.
Doess it really make sense to build a protocol - based on OpenPGP -
which puts all it's dat into a signature packet? Such data should go
into a literal text packet or some new packet type.
IMNSHO it is brain dead to stuff data into signature packets. It is not
where it belongs. PGP has a very nice and simple signature format: A hash
of the data encrypted with the signer's public key. That's all that needs
to be there, no need to start bloating out the signatures.
--
---------------------------------------------------------------
William H. Geiger III http://www.openpgp.net
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii
Hi Jeff!! :)
---------------------------------------------------------------