ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Clarification needed on compressed messages

2003-08-01 12:27:34
from [David Shaw] [Permanent Link] 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, Aug 01, 2003 at 01:42:47PM -0400, Michael Young wrote:


The ONEPASS method can also easily handle such constructions as
ONEPASS+OBJECT+OBJECT+OBJECT+SIG, which SIG+OBJECT cannot.


Only for non-signature OBJECTs.


True.  There would have to be some encapsulation in that case, perhaps
using your compressed packet suggestion:
ONEPASS+COMPRESSED(SIG)+SIG.


I'd rather not complicate the rules any further to allow this
construction.  (It is not permitted now.)


It's not clear whether it is permitted now or not.

The general question of multiple packets (whether in a one-pass
signature, compressed data packet, or encrypted data packet) is
somewhat hazy in the draft.  Speaking only about literal packets for
now, sections 5.6, 5.7, and 5.13 all say yes (using the plural
"literal data packets").  Section 10.2 says no.

I actually requested a clarification whether LITERAL+LITERAL was valid
a few weeks ago: http://www.imc.org/ietf-openpgp/mail-archive/msg05537.html

The reason why I was thinking about LITERAL+LITERAL in the first place
was Jon Callas' comments about OpenPGP as an archival primitive.  It
would be Very Useful to be able to store more than one file into a
single OpenPGP message.  I don't think OpenPGP should be setting out
to replace tar or zip, but it's handy nonetheless.  An archive program
with strong encryption whose results can be de-archived with any
OpenPGP program is compelling.

Note that both PGP and GnuPG already do the right thing with
ENCRYPTED(LITERAL+LITERAL) messages.

Google says Hal Finney argued for this interpretation in 2000:
 http://cert.uni-stuttgart.de/archive/ietf-openpgp/2000/05/msg00032.html

All that said, I think that LITERAL+LITERAL should probably be legal,
but either way, the draft shouldn't say both yes and no.

Come to think, your suggestion of using a compressed data packet to
encapsulate could be useful here as well:
ENCRYPTED(COMPRESSED(LITERAL+LITERAL)).

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc2 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iEYEARECAAYFAj8qvyAACgkQ4mZch0nhy8mQHgCdGDPXUDnlZqvzdH6eqg0/IhUP
LFIAn27XCXC/+sxIFjQgesBpX2h57Pmf
=53vx
-----END PGP SIGNATURE-----
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Clarification needed on compressed messages, Michael Young
Next by Date:  Re: Location of 'key expiration time' signature subpacket, David Shaw
Previous by Thread:  Re: Clarification needed on compressed messages, Michael Young
Next by Thread:  Re: Clarification needed on compressed messages, Michael Young
Indexes:  [Date] [Thread] [Top] [All Lists]