-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, Aug 04, 2003 at 02:41:18PM -0700, vedaal(_at_)hush(_dot_)com wrote:
have recently received a clearsigned PGP message that was signed
simultaneously with two different PGP keys,
but it caused 6.5.8ckt (build 8) to crash
the double signed messages can easily be generated from gnupg (command
line only),
but (afaik) not from pgp, even from the command line (2.x or 6.x)
have put up examples here:
http://www.angelfire.com/pr/pgpf/dspm.html
have found that the double signed messages were not a problem in pgp
8 under any circumstances, and were not a problem for 6.5.8 as long
as they weren't clearsigned
[..]
{sort of cool, actually, i wish it could be done from pgp ;-) }
are multiple simultaneous signatures acceptable Open PGP behavior ?
The first example you gave was of a nested one-pass signature, and the
second example was a clearsigned message with two signatures after it.
While it is unfortunate that 6.5.8 can't handle them, both of these
constructions are legal in OpenPGP (as per sections 5.4 and 7).
David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc2 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
iEYEARECAAYFAj8u9G0ACgkQ4mZch0nhy8n9AQCfQgBmYrp9w+XVRr6w1itT95K5
jA8AnjslYItmndfDO4dJOmtK+H8S5XAZ
=C1wB
-----END PGP SIGNATURE-----