Re: I-D ACTION:draft-ietf-openpgp-rfc2440bis-06.txt

2002-08-12 14:02:27

On Mon, Aug 12, 2002 at 04:10:48PM -0400, Michael Young wrote:

From: "David Shaw" <dshaw(_at_)jabberwocky(_dot_)com>
2440bis seems to say that v4 signatures require (MUST) an issuer subpacket 
Come to think, both PGP and GnuPG create v4 signatures with a hashed
timestamp, and an unhashed issuer.  Are they compliant? ;)

I don't think that the specification should require either.  It would be
fair to note that many implementations will be unable (or unwilling) to
interpret a signature without these things.

But even if the issuer remains a MUST, it certainly doesn't need
to be in the hashed material.  As it stands, the specification doesn't
say so exactly -- it merely suggests that they should be the first two
subpackets, which is silly if the timestamp is hashed but the issuer
is not.  I would just excise the suggestion entirely.

2440bis does say (well, imply) that they are both hashed.  In section
5.2.3. ("Version 4 Signature Packet Format"), it says that the hashed
section is made up of "two or more" subpackets, and the unhashed
section is made up of "zero or more" subpackets.  Given the language
elsewhere, I assume that these two hashed subpackets are the required
issuer and timestamp.

I agree with you though - I think that a signature should not require
any subpacket to be present (SHOULD perhaps, but not MUST).


   David Shaw  |  dshaw(_at_)jabberwocky(_dot_)com  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
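
Added example, not part of the original message or of PGP's or GnuPG's code: a minimal Python parser that reports whether the signature creation time (subpacket type 2) and issuer (type 16) of a v4 signature sit in the hashed or the unhashed area, the layout question discussed above. The function names and the sample bytes are constructed for illustration; the sample carries no signature MPIs.

```python
CREATION_TIME, ISSUER = 2, 16  # OpenPGP signature subpacket type numbers

def read_subpackets(area):
    """Yield (type, critical, data) for each subpacket in one subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            length, hdr = first, 1
        elif first < 255:                     # two-octet length
            length, hdr = ((first - 192) << 8) + int.from_bytes(area[i + 1:i + 2], "big") + 192, 2
        else:                                 # 0xFF, then four-octet length
            length, hdr = int.from_bytes(area[i + 1:i + 5], "big"), 5
        i += hdr
        if length < 1 or i + length > len(area):
            raise ValueError("malformed or truncated subpacket")
        # The length counts the type octet; bit 7 of the type is the critical flag.
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]
        i += length

def locate(body):
    """Return {subpacket type: [areas it appears in]} for a v4 signature body."""
    if len(body) < 6 or body[0] != 4:
        raise ValueError("not a v4 signature packet body")
    areas, off = {}, 4                        # skip version, sig type, pk algo, hash algo
    for name in ("hashed", "unhashed"):       # the hashed area comes first
        n = int.from_bytes(body[off:off + 2], "big")
        if off + 2 + n > len(body):
            raise ValueError("truncated subpacket area")
        areas[name], off = body[off + 2:off + 2 + n], off + 2 + n
    where = {}
    for name, area in areas.items():
        for sp_type, _critical, _data in read_subpackets(area):
            where.setdefault(sp_type, []).append(name)
    return where

def sub(sp_type, data):
    """Build one short subpacket (helper for the constructed sample only)."""
    return bytes([len(data) + 1, sp_type]) + data

# Constructed sample: hashed creation time, unhashed issuer key ID.
HASHED = sub(CREATION_TIME, (1029160947).to_bytes(4, "big"))
UNHASHED = sub(ISSUER, bytes.fromhex("0123456789abcdef"))
SAMPLE = (bytes([4, 0x00, 17, 2])             # v4, binary document, DSA, SHA-1
          + len(HASHED).to_bytes(2, "big") + HASHED
          + len(UNHASHED).to_bytes(2, "big") + UNHASHED
          + b"\x00\x00")                      # left 16 bits of hash (dummy)

if __name__ == "__main__":
    print(locate(SAMPLE))
```

Only the hashed area is covered by the signature hash, so a subpacket reported solely under "unhashed" is not authenticated by the signature.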