ietf-openpgp
[Top] [All Lists]

Re: Clarification needed on compressed messages

2003-07-31 20:19:21

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Jul 30, 2003 at 03:45:23PM -0400, Derek Atkins wrote:

David Shaw <dshaw(_at_)jabberwocky(_dot_)com> writes:

Is this the intent?  And if so, in a SIG+COMPRESSED(LITERAL) message,
is the SIG issued over COMPRESSED(LITERAL) or LITERAL ?

I believe it is the intent, and in the SIG+(COMPRESSED(LITERAL) the
SIG should be issued over the COMPRESSED(LITERAL).  The only special
case that I know of is SIG+LITERAL, where the SIG is over the data
inside the literal and doesn't include the literal packet itself.

ONEPASS+LITERAL+SIG is another case.

However, all other constructions should build the SIG over the
underlying PGP message object.

This sounds very reasonable to me.  I think a word or two to make that
clear in the draft would be helpful: something that indicates that
"bare" literal packets should have their contents hashed, but anything
else should be hashed whole.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc2 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iEYEARECAAYFAj8p3DUACgkQ4mZch0nhy8kypwCfYdiXIoUPIKW55TEhUKlyFVWc
YdMAoIQZtyNI8OoqXC0uI+PJ/7+7El++
=9IWM
-----END PGP SIGNATURE-----

<Prev in Thread] Current Thread [Next in Thread>