ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Text canonicalization

2001-12-28 06:27:18
from [vedaal] [Permanent Link] 


----- Original Message -----
From: "David Shaw" <dshaw(_at_)akamai(_dot_)com>
To: <ietf-openpgp(_at_)imc(_dot_)org>
Sent: Thursday, December 27, 2001 7:33 PM
Subject: Re: Text canonicalization


...

This sounds very good, but what about detached signatures?  A detached
signature doesn't carry the text with it, so wouldn't the the text
(presumably delivered via http or ftp, which can change line endings)
need to be re-canonicalized for signature verification?  To a certain
degree this applies to a clearsigned document as well.

...
also applies somewhat to GnuPG signed and encrypted messages when signed
with a v3 rsa key, and GnuPG armored signed messages with a v3 rsa key,
PGP interprets it as a 'detached' signature,
and 'searches' (unsuccessfully) for the file trying to verify it.
{not the case with v4 rsa sigs, which seem to act differently}

vedaal
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Text canonicalization, David Shaw
Previous by Thread:  Re: Text canonicalization, David Shaw
Next by Thread:  Re: Text canonicalization, hal
Indexes:  [Date] [Thread] [Top] [All Lists]