-----BEGIN PGP SIGNED MESSAGE-----
On Fri, Aug 01, 2003 at 01:42:47PM -0400, Michael Young wrote:
The ONEPASS method can also easily handle such constructions as
ONEPASS+OBJECT+OBJECT+OBJECT+SIG, which SIG+OBJECT cannot.
Only for non-signature OBJECTs.
True. There would have to be some encapsulation in that case, perhaps
using your compressed packet suggestion:
I'd rather not complicate the rules any further to allow this
construction. (It is not permitted now.)
It's not clear whether it is permitted now or not.
The general question of multiple packets (whether in a one-pass
signature, compressed data packet, or encrypted data packet) is
somewhat hazy in the draft. Speaking only about literal packets for
now, sections 5.6, 5.7, and 5.13 all say yes (using the plural
"literal data packets"). Section 10.2 says no.
I actually requested a clarification whether LITERAL+LITERAL was valid
a few weeks ago: http://www.imc.org/ietf-openpgp/mail-archive/msg05537.html
The reason why I was thinking about LITERAL+LITERAL in the first place
was Jon Callas' comments about OpenPGP as an archival primitive. It
would be Very Useful to be able to store more than one file into a
single OpenPGP message. I don't think OpenPGP should be setting out
to replace tar or zip, but it's handy nonetheless. An archive program
with strong encryption whose results can be de-archived with any
OpenPGP program is compelling.
Note that both PGP and GnuPG already do the right thing with
Google says Hal Finney argued for this interpretation in 2000:
All that said, I think that LITERAL+LITERAL should probably be legal,
but either way, the draft shouldn't say both yes and no.
Come to think, your suggestion of using a compressed data packet to
encapsulate could be useful here as well:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc2 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
-----END PGP SIGNATURE-----