ietf-openpgp

Re: Clarification needed on compressed messages

2003-08-01 08:26:23

Derek Atkins wrote:
I believe it is the intent, and in the SIG+COMPRESSED(LITERAL) the
SIG should be issued over the COMPRESSED(LITERAL).  The only special
case that I know of is SIG+LITERAL, where the SIG is over the data
inside the literal and doesn't include the literal packet itself.

to which "David Shaw" <dshaw(_at_)jabberwocky(_dot_)com> responds:
This sounds very reasonable to me.  I think a word or two to make that
clear in the draft would be helpful: something that indicates that

I have mixed feelings about Derek's interpretation, but if that's
the intent, then I agree with David that this must be made clear
in the draft.  There is definitely a special case here.

Why mixed feelings?  On the one hand, I don't like special cases.  I
also find it surprising that one would want to sign the COMPRESSED
packet.  (It's less to hash, but that hardly seems meaningful.)
On the other hand, it is a little disturbing that the LITERAL
packet headers are ignored, and including them in the signature (by
way of hashing the entire COMPRESSED packet) would overcome that
deficiency.

Note that both of my concerns could be addressed by a different rule
that has no special case: the signature hash is computed over the
CONTENTS of the FOLLOWING packet (*not* recursively).  In the original
PGP case, this would be the contents of the literal packet.  In the
COMPRESSED(LITERAL(x)) case, it would be the LITERAL(x).  [One could
use an "uncompressed" COMPRESSED packet to intentionally capture the
LITERAL header information.]

Whatever we do, I expect that
    ONEPASS COMPRESSED(LITERAL(x)) SIGNATURE
would be treated the same as
    OLD-SIG COMPRESSED(LITERAL(x))
Reasonable?

Of course, adopting the "be liberal in what you accept" principle, an
implementation *could* do parallel hashes against all of these
possibilities, and report what got signed :-).

Before passing final judgement, I'd be curious to know what the
known implementation that uses SIG+COMPRESSED(LITERAL(x)) did
with the construct?  What did it sign?

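
The three readings discussed in the post (hash the entire COMPRESSED packet, hash the contents of the following packet non-recursively, or hash only the data inside the literal), plus the "parallel hashes" idea, as an added example that is not part of the original post or of any OpenPGP implementation. It constructs toy packets itself and assumes RFC 2440 packet tags 8 (COMPRESSED) and 11 (LITERAL), compression algorithm 1 = ZIP (raw DEFLATE), and one-octet new-format lengths.

```python
import hashlib
import zlib

# Constructed OpenPGP new-format packets; tags assumed per RFC 2440 (8 = COMPRESSED, 11 = LITERAL).
TAG_COMPRESSED, TAG_LITERAL = 8, 11

def packet(tag, body):
    """New-format header with a one-octet length (bodies under 192 octets suffice here)."""
    return bytes([0xC0 | tag, len(body)]) + body

def literal(data, filename=b"msg.txt", timestamp=0):
    """LITERAL(x): format 'b', filename length, filename, 4-octet date, then x."""
    meta = b"b" + bytes([len(filename)]) + filename + timestamp.to_bytes(4, "big")
    return packet(TAG_LITERAL, meta + data)

def compressed(inner, algo=1):
    """COMPRESSED(...): algorithm 0 = uncompressed, 1 = ZIP (raw DEFLATE, wbits -15)."""
    if algo == 1:
        c = zlib.compressobj(9, zlib.DEFLATED, -15)
        inner = c.compress(inner) + c.flush()
    return packet(TAG_COMPRESSED, bytes([algo]) + inner)

def parse(buf):
    """Return (tag, body) of a one-octet-length new-format packet."""
    return buf[0] & 0x3F, buf[2:2 + buf[1]]

def literal_data(body):
    """Drop the literal's own metadata (format, filename, date); keep only x."""
    return body[2 + body[1] + 4:]

def candidate_hash_inputs(pkt):
    """Octets each reading would hash for the packet that follows the SIG."""
    tag, body = parse(pkt)
    # Reading 1: hash the entire following packet (the COMPRESSED packet, header included).
    out = {"entire_following_packet": pkt}
    if tag == TAG_COMPRESSED:
        inner = body[1:] if body[0] == 0 else zlib.decompress(body[1:], -15)
        # Reading 2 (proposed rule): the following packet's contents, not recursive,
        # i.e. LITERAL(x) with its header intact.
        out["following_packet_contents"] = inner
        # Reading 3 (original PGP case): only the data inside the literal.
        out["literal_data_only"] = literal_data(parse(inner)[1])
    else:
        out["following_packet_contents"] = out["literal_data_only"] = literal_data(body)
    return out

def parallel_hashes(pkt, hash_name="sha1"):
    """Hash every candidate; a liberal verifier could check each against the SIG."""
    return {k: hashlib.new(hash_name, v).hexdigest() for k, v in candidate_hash_inputs(pkt).items()}
```

For COMPRESSED(LITERAL(x)) the three candidates hash to three different values, which is exactly why the draft must say which one a signer means.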