ietf-openpgp

Re: rfc2440bis-02 comments

2000-12-08 04:57:25
On Fri, 8 Dec 2000, Marc Horowitz wrote:

> 3. Subpacket 23 (key server preferences) is specified to be "found
>    only on a self-signature".  It should say if that means a direct
>    key signature (which makes the most sense to me), or something

As with many other subpackets there is no clear definition on what
to do and it is left to the implementor to decide this.  From my
understanding it does make sense to handle such things this way:

  * If it is on any direct key signature, use this one (or exactly
    the one on the latest direct key signature).

  * Otherwise take it from the latest self-signature.  

(I have worked out some more rules and checked them with Hal.
Currently I can't access them - please ask me next week, if you are
interested)

> 4. The document is vague on what constitutes "advisory information" in
>    a signature subpacket (section 5.2.3).  I believe that unhashed
>    signature subpackets were a mistake (I can expound on this if

No, they make sense.  It may happen that you need to store some meta
information about a signature which you have to calculate after
signature creation. 

However, a big warning about unhashed stuff should be present.

> 5. There should be a note that the critical bit MUST be ignored on
>    unhashed signature subpackets.  Otherwise, an attacker can easily
>    cause any signature to fail to verify.

Does not make sense.  An attacker can make _any_ signature fail by
just flipping one bit.


  Werner
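
The selection rule from the message above, as an added example that is not part of the original post or of any OpenPGP implementation. Assumptions: each signature is a dict with `type`, `hashed` and `unhashed` byte strings, it has already been verified as made by the key itself, "latest" means the greatest creation time among signatures that carry subpacket 23, and only the hashed area is trusted as a source.

```python
SIG_DIRECT_KEY, SIG_CERTS = 0x1F, (0x10, 0x11, 0x12, 0x13)  # RFC 2440 signature types
SP_CREATION_TIME, SP_KEYSERVER_PREFS = 2, 23                # RFC 2440 subpacket types

def parse_subpackets(area):
    """Split one subpacket area into (type, critical, body) tuples."""
    out, i, n = [], 0, len(area)
    while i < n:
        first = area[i]
        hdr = 1 if first < 192 else 2 if first < 255 else 5  # length-of-length octets
        if i + hdr > n:
            raise ValueError("truncated subpacket length")
        length = (first if hdr == 1 else
                  ((first - 192) << 8) + area[i + 1] + 192 if hdr == 2 else
                  int.from_bytes(area[i + 1:i + 5], "big"))
        i += hdr
        if length < 1 or i + length > n:  # length counts the type octet
            raise ValueError("truncated subpacket body")
        out.append((area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]))
        i += length
    return out

def hashed_view(sig):
    """Creation time and subpacket 23 body, read from the hashed area only."""
    created, prefs = 0, None
    for sp_type, _critical, body in parse_subpackets(sig["hashed"]):
        if sp_type == SP_CREATION_TIME and len(body) == 4:
            created = int.from_bytes(body, "big")
        elif sp_type == SP_KEYSERVER_PREFS:
            prefs = body
    return created, prefs

def select_keyserver_prefs(self_sigs):
    """Latest direct key signature carrying subpacket 23, else latest self-signature."""
    for wanted in ((SIG_DIRECT_KEY,), SIG_CERTS):
        found = [hashed_view(s) for s in self_sigs if s["type"] in wanted]
        found = [f for f in found if f[1] is not None]
        if found:
            return max(found, key=lambda f: f[0])[1]
    return None

# Constructed sample areas (hex): subpacket 2 = creation time, 23 = key server prefs
SAMPLE = [
    {"type": 0x13, "hashed": bytes.fromhex("0502000007d0021780"), "unhashed": b""},
    {"type": 0x1F, "hashed": bytes.fromhex("0502000003e8021700"), "unhashed": b""},
    {"type": 0x1F, "hashed": bytes.fromhex("050200000bb8"), "unhashed": bytes.fromhex("021780")},
]
```

With the sample, the older direct key signature wins over the newer certification, and the copy of subpacket 23 that sits only in an unhashed area is never consulted.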
