On Fri, Dec 28, 2001 at 08:15:07AM -0500, vedaal wrote:
This sounds very good, but what about detached signatures? A detached
signature doesn't carry the text with it, so wouldn't the the text
(presumably delivered via http or ftp, which can change line endings)
need to be re-canonicalized for signature verification? To a certain
degree this applies to a clearsigned document as well.
...
also applies somewhat to GnuPG signed and encrypted messages when signed
with a v3 rsa key, and GnuPG armored signed messages with a v3 rsa key,
PGP interprets it as a 'detached' signature,
and 'searches' (unsuccessfully) for the file trying to verify it.
{not the case with v4 rsa sigs, which seem to act differently}
This is a slightly different problem - GnuPG would never make a
non-clear or non-detached signature with v3 keys that PGP 6 or 7
liked. I fixed this a few days ago, and it works properly now.
David
--
David Shaw | Technical Lead
<dshaw(_at_)akamai(_dot_)com> | Enterprise Content Delivery
617-250-3028 | Akamai Technologies