-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'd like to start some discussion so we can finish the specification
of notary signatures. There are still some missing pieces.

To recap, the notary signature is a signature on a signature, as if
made by a notary. The notary should not need the original document,
the public key of the signer, or anything other than the signature
packet to issue the notary signature.

In <http://www.imc.org/ietf-openpgp/mail-archive/msg03987.html> Hal
Finney suggested a rule to canonicalize a signature packet so it can
be hashed and signed. Paraphrased into RFC language, that is:

When a signature is made over a signature, the hash data starts with
the octet 0x88, followed by the four-octet length of the signature,
and then the body of the signature packet. (Note that this is an
old-style packet header for a signature packet with the
length-of-length set to zero.)

I believe section 5.2.4 (Computing Signatures) would be the best
place for this.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2rc1 (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc
iD8DBQE+b/zx4mZch0nhy8kRAtDaAJ9qzO+AipYEcNCZ1WAknoW5EeXAAgCePU7S
Cy+mJusx/Te9ypyn//F++Vs=
=26+S
-----END PGP SIGNATURE-----
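
The canonicalization rule proposed in the message above, as an added example that is not part of the original message or of any OpenPGP implementation: it strips whatever header a Signature packet arrived with and rebuilds the 0x88 / four-octet length / body prefix, so the same signature yields the same hash input regardless of header encoding. The function names and the placeholder body are assumptions made for illustration, and only the prefix described in the message is built, not the rest of the signature hash.

```python
SIGNATURE_TAG = 2  # OpenPGP packet tag of a Signature packet


def signature_body(packet: bytes) -> bytes:
    """Return the body of exactly one Signature packet, header removed."""
    if len(packet) < 2 or not packet[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    first, o1 = packet[0], packet[1]
    if first & 0x40:  # new-format header: tag in the low six bits
        tag = first & 0x3F
        if o1 < 192:
            hdr, length = 2, o1
        elif o1 < 224:
            if len(packet) < 3:
                raise ValueError("truncated length field")
            hdr, length = 3, ((o1 - 192) << 8) + packet[2] + 192
        elif o1 == 255:
            hdr, length = 6, int.from_bytes(packet[2:6], "big")
        else:
            raise ValueError("partial body lengths are not handled here")
    else:  # old-format header: tag in bits 5-2, length type in bits 1-0
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not handled here")
        hdr = 1 + (1 << ltype)  # 1, 2 or 4 length octets
        length = int.from_bytes(packet[1:hdr], "big")
    if tag != SIGNATURE_TAG:
        raise ValueError("not a Signature packet")
    if len(packet) != hdr + length:
        raise ValueError("truncated packet or trailing data")
    return packet[hdr:]


def notary_hash_input(packet: bytes) -> bytes:
    """Octet 0x88, four-octet big-endian body length, then the body."""
    body = signature_body(packet)
    return b"\x88" + len(body).to_bytes(4, "big") + body


# Constructed placeholder body (not a real signature), in three header encodings.
BODY = bytes(range(200))
OLD_TWO_OCTET = b"\x89" + len(BODY).to_bytes(2, "big") + BODY
OLD_FOUR_OCTET = b"\x8a" + len(BODY).to_bytes(4, "big") + BODY
NEW_TWO_OCTET = b"\xc2\xc0\x08" + BODY  # ((0xC0 - 192) << 8) + 0x08 + 192 == 200
```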