ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: 2.1, 2.2 and 10.2 Clarification re sigs.

2000-07-19 09:34:10
from [hal] [Permanent Link] 
that is, should the specification say:

 Signed Message :- OpenPGP Message, Signature Packet | One-Pass Signed Message

or

 Signed Message :- Signature Packet, OpenPGP Message | One-Pass Signed Message


The spec is correct; it is the latter.  Signature packets have *always*
come at the front, since back in PGP 1.0.  If you have seen messages
that were different (and not one-pass signed messages), you have seen
invalid messages.

With regard to Erron Criddle's earlier question:


To me, "attached" (as in 2.1 and 2.2) means you add it to the end of 
something and this contradicts 10.2 explanation of a Signed Message (a 
signed message implies that it is prepended, not attached).


Not to me.  That word would be "appended".  "Attached" is not meant to
imply any ordering.  2.1 and 2.2 are meant to give a very rough overview
of the steps involved in creating an OpenPGP message, not to be a detailed
specification of the process.  That is for the rest of the document.


By reading section 10.2, it seems that there are two possibilities for 
signing a literal message:

1) You create a signature packet then prepend it to the literal packet

2) You create a signature packet and a One-Pass Signature Packet then 
prepend the One-Pass packet to the literal packet and append the signature 
packet to the literal packet.

Therefore, my final questions are:

1) Can you create a simple signature packet and attach it to the end of a 
literal packet as stated in 2.1 and 2.2 and subsequently contradict 10.2 
regarding the definition of a signed message and:


2.1 and 2.2 don't say that, and you can't do this.


2) Why would you need a One-Pass Signature Packet if we conform to 10.2 and 
simply prepend a normal signature packet to the literal data with a 
subpacket of type 16 (key id), thus removing the need for a One-Pass packet 
in the first place?


This is so that the signer can process the message in one pass.
He doesn't know the hash until he comes to the end of the message,
so he can't compute the signature until that time.  With the old-style
signature packets he would then have to go back to the beginning of the
message and put the sig there, preventing one-pass processing.

Hal
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: sig. subpacket & length conflicts?, hal
Next by Date:  Re: Signature Subpacket format questions, Jon Callas
Previous by Thread:  2.1, 2.2 and 10.2 Clarification re sigs., Erron Criddle
Next by Thread:  Re: 2.1, 2.2 and 10.2 Clarification re sigs., Erron Criddle
Indexes:  [Date] [Thread] [Top] [All Lists]