here are some more clarification questions...
-section 4.3 is titled "Packet Tags", and the term "packet tag" is used
throughout, but strictly speaking, shouldn't that be "content tag" as
per section 4.2?
I'll let someone else worry about that...
-section 5.2.3 describes the version 4 signature packet format. one of the
fields is described as:
Hashed subpacket data. (zero or more subpackets)
what is meant by "hashed" here? are the contents of this field actual
subpackets or hash(subpackets)? i presume it is the former and that
"hashed" refers to the fact that the "hashed subpackets" field is included
among the material that is hashed when a signature is computed.
Yes.
so "normally" the contents of the "hashed subpackets" field and the
"unhashed subpackets" field should be identical, correct?
No. Some subpackets are hashed, while other ones are unhashed. The
latter are not protected by the signature and would be considered
"advisory", like hints about where to find the signing key. Currently
we consider signing key id to be in that category.
-section 5.2.3.1 describes the signature subpacket specification. in
the description of the subpacket header there is the following:
- the subpacket type (1 octet)
then, shortly after:
The value of the subpacket type octet may be:
2 = signature creation time
...
100 to 110 = internal or user-defined
however:
Bit 7 of the subpacket type is the "critical" bit. If set, it
denotes that the subpacket is one that is critical for the evaluator
of the signature to recognize. If a subpacket is encountered that
is marked critical but is unknown to the evaluating software, the
evaluator SHOULD consider the signature to be in error.
i presume this means that the legal values (2, 3, 4, 5, 6, 7, etc.) listed
for the subpacket type octet actually refer to bits 6 through 0 of the
octet, and not that there haven't been any "critical subpacket types" defined
yet. is this correct? if so, i think alternate wording would be less
ambiguous.
Yes, your interpretation is correct.
-section 5.2.3.3 has some notes on self-signatures. the following text
appears therein:
If the key is located by key id, then algorithm of the default user id
of the key provides the default symmetric algorithm.
the term "default user id" is used -- i failed to locate a definition for
this term. could someone point out the definition in the specification
or give one?
The default user id is better known as the primary user id - the user id
with a self-signature on it that includes the primary user id subpacket.
Hal