ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Signature targets and where they should be used

2003-05-28 10:30:28
from [Jon Callas] [Permanent Link] 

On 4/16/03 2:38 PM, "David Shaw" <dshaw(_at_)jabberwocky(_dot_)com> wrote:

Is there a consensus on this?

Personally, I think that the SHOULD is good enough. If you want to do a
blind notary, you have the perfect reason not to put the target packet
there.

However, I included this text: "Note that we really do mean SHOULD. There
are plausible uses for this (such a a blind notary that only sees the
signature, not the key nor source document) that cannot include a target
subpacket."

    Jon




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Apr 16, 2003 at 03:40:24PM -0400, Michael Young wrote:


From: "David Shaw" <dshaw(_at_)jabberwocky(_dot_)com>



In the case of notary signatures, there is no "C" to specify.  It is
merely signature A (the 0x50 signature), on data B (the signature to
be notarized).  There is no benefit in specifying B twice as the data
to be signed and then again as an additional subpacket.


I'd agree that the benefit is slight at best.  I suppose if
you had "B" and the material it covered (so that you could generate
B's hash), and you had a disorganized bunch of notary signatures,
then you could pick out the matching ones faster if they had
target subpackets.  This doesn't seem like a compelling scenario. :-)


There is actually another reason why using targets for notary
signatures is not really good: one of the nice features of notary
signatures is that the notarizer doesn't need the original signer's
public key or the material the original signature covered.  All the
notarizer needs is the signature packet.  Unfortunately, to use a
signature target in the notary signature, the notarizer needs the
original signer's public key to extract the hash from the original
signature packet...

I suppose we could solve that problem by defining a signature target
to be the canonical hash of the signature being targeted, but even
then there is still no good reason why using a target for notary
signatures needs to be a SHOULD.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2rc2 (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc

iD8DBQE+nc1c4mZch0nhy8kRAjTQAJ42SnhAoD42MFWJjin3KJXBxZrMDACeNDqK
hGj20/LjG6I8lBPGqigWOlA=
=a8B8
-----END PGP SIGNATURE-----
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Suggested DER Prefixes, Jon Callas
Next by Date:  Re: Suggested DER Prefixes, Imad R. Faiad
Previous by Thread:  Suggested DER Prefixes, Imad R. Faiad
Next by Thread:  Re: Signature targets and where they should be used, David Shaw
Indexes:  [Date] [Thread] [Top] [All Lists]