Thomas Roessler <roessler(_at_)does-not-exist(_dot_)org> writes:

> Now, for PGP/MIME, this turns into a really ugly problem: RFC 2015
> does not specify which kind of signature to use. However, it does
> specify how the signed material should be canonicalized before
> hashing.

I don't fully understand what you are saying here. When you talk about
"what kind of signature to use", are you referring SOLELY to the value of
the signature-type byte within the signature packet? This is the byte
which is described in RFC2440, section 5.2.1, as 0x00 for a signature
of a binary document, and 0x01 for a signature of a text document.
Is this the ONLY question at issue, what value to put into this byte?
Or, is there a separate question: what exactly should be hashed?
Above you say that RFC2015 specifies how the signed material should be
canonicalized before hashing. If this is true, then the second question
is not at issue, because you'd have a precise specification of what
exactly should be hashed, for any given PGP/MIME message.
However I don't see that RFC2015bis does precisely specify what is hashed.
In section 5, it describes some canonicalization rules, and then says,

   (4) As described in [2], the digital signature MUST be calculated
   over both the data to be signed and its set of content headers.

(where [2] is RFC1847, Security Multiparts for MIME).
This does not explicitly describe what is hashed. Rather, it describes a
pre-processing step before calculating a digital signature over the data.
The question of what is hashed would then depend on what the signature
engine does to the data AFTER you have prepared it as described in
RFC2015.
In that case, the second question above, "what exactly should be hashed"
is an open one.
Could you clarify which of these questions is/are at issue?
Hal Finney
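
Added example, not part of the original message: a sketch of how the signature-type byte changes what a signature engine hashes, assuming a V3 signature with SHA-1 as described in RFC 2440 section 5.2.4 (document octets followed by the type byte and the four-octet creation time). The function names, the sample MIME part and the timestamp are constructed for illustration, and "trailing blanks" is assumed to mean spaces and tabs.

```python
import hashlib
import struct

SIG_BINARY = 0x00  # RFC 2440 5.2.1: signature of a binary document
SIG_TEXT = 0x01    # RFC 2440 5.2.1: signature of a canonical text document


def data_to_hash(data: bytes, sig_type: int) -> bytes:
    """Return the document octets the signature engine feeds to the hash."""
    if sig_type == SIG_BINARY:
        return data  # hashed exactly as handed over
    if sig_type != SIG_TEXT:
        raise ValueError("only document signature types 0x00 and 0x01 are modelled")
    # Text mode: line endings become CRLF and trailing blanks are removed.
    # Assumption: "blanks" means space and tab.
    lines = data.replace(b"\r\n", b"\n").replace(b"\r", b"\n").split(b"\n")
    return b"\r\n".join(line.rstrip(b" \t") for line in lines)


def v3_digest(data: bytes, sig_type: int, created: int) -> str:
    """SHA-1 over the document followed by the 5-octet V3 trailer (type + time)."""
    h = hashlib.sha1()
    h.update(data_to_hash(data, sig_type))
    h.update(struct.pack(">BI", sig_type, created))
    return h.hexdigest()


# Constructed sample: a MIME part (content headers plus body) already in CRLF
# form, with and without a trailing space on one line.
CLEAN = b"Content-Type: text/plain\r\n\r\nHello,\r\nworld\r\n"
TRAILING = b"Content-Type: text/plain\r\n\r\nHello, \r\nworld\r\n"
CREATED = 0x3A000000  # constructed timestamp

if __name__ == "__main__":
    for name, part in (("clean", CLEAN), ("trailing blank", TRAILING)):
        same = data_to_hash(part, SIG_BINARY) == data_to_hash(part, SIG_TEXT)
        print(f"{name}: document octets identical in both modes: {same}")
        for t in (SIG_BINARY, SIG_TEXT):
            print(f"  type 0x{t:02x}: {v3_digest(part, t, CREATED)}")
```

Even when the prepared MIME part yields identical document octets in both modes, the digests differ because the type byte itself is hashed in the trailer, so signer and verifier must agree on both the byte and the engine's handling of the data.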