ietf-openpgp

Re: 3rd-party Signatures in a One-Pass Signed Message

2003-10-21 10:49:34

On Fri, Oct 03, 2003 at 06:41:29PM +0000, poiboy(_at_)SAFe-mail(_dot_)net wrote:

> Hello all,
>
> My assumption: A 3rd-party signature (0x50) is/must be detached and
> its handling is implementation-specific.

It is true there is currently no language in the draft specifying how
a 0x50 3rd-party or notary signature is handled, but I worry about the
complexity of the proposed solution (extending the onepass
functionality).

When I suggested using a signature-in-a-subpacket to handle the need
for a back-signature from a signing subkey to a main key, I mentioned
that this basic idea could be useful in other places.  0x50 signatures
seem to be a good place to use it: rather than extending onepass or
parsing literal packets (which violates the idea of a *literal*
packet), how about just putting the 0x50 signature as an unhashed
subpacket on the signature that the 0x50 signature covers?

This gives a good bit of flexibility - it's clear which signature is
being "notarized", and you can trivially generate notary sigs of
notary sigs of notary sigs as many levels as you care to, AND it
shouldn't affect any currently deployed code.

David
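As an added illustration of the proposal above (not code from David's post or from any OpenPGP implementation), the following Python sketch frames a signature subpacket area, attaches a 0x50 notary signature as an unhashed subpacket of the signature it covers, and walks the resulting notary-of-notary chain. It assumes the subpacket length framing of the OpenPGP draft and uses subpacket type 32 (the Embedded Signature subpacket later standardised in RFC 4880), which the post itself does not name; the signature layout is a toy stand-in with an opaque trailer in place of real MPIs.

```python
EMBEDDED_SIG = 32   # assumed: RFC 4880 "Embedded Signature" subpacket type (post names none)
NOTARY = 0x50       # third-party confirmation ("notary") signature type

def encode_subpacket(sp_type, body):
    n = len(body) + 1  # subpacket length counts the type octet plus the body
    if n < 192:
        prefix = bytes([n])
    elif n < 8384:
        prefix = bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    else:
        prefix = b"\xff" + n.to_bytes(4, "big")
    return prefix + bytes([sp_type]) + body
def iter_subpackets(area):
    """Yield (type, body) pairs; reject zero-length or truncated subpackets."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:
            n, i = first, i + 1
        elif first < 255:
            n, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:
            n, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if n == 0 or i + n > len(area):
            raise ValueError("bad subpacket length")
        yield area[i], area[i + 1:i + n]
        i += n
def build_sig(sig_type, hashed, unhashed, trailer=b"\x00" * 4):
    """Toy v4 layout: version, type, pk alg, hash alg, hashed area, unhashed area, trailer."""
    return (bytes([4, sig_type, 1, 8]) + len(hashed).to_bytes(2, "big") + hashed
            + len(unhashed).to_bytes(2, "big") + unhashed + trailer)
def split_sig(sig):  # -> (sig_type, hashed, unhashed, trailer) from the toy layout
    hl = int.from_bytes(sig[4:6], "big")
    ul = int.from_bytes(sig[6 + hl:8 + hl], "big")
    return sig[1], sig[6:6 + hl], sig[8 + hl:8 + hl + ul], sig[8 + hl + ul:]
def attach_notary(sig, notary_sig):
    """Append notary_sig to the unhashed area; hashed data and trailer stay byte-identical."""
    t, h, u, tr = split_sig(sig)
    return build_sig(t, h, u + encode_subpacket(EMBEDDED_SIG, notary_sig), tr)
def notary_chain(sig, max_depth=8):
    """Follow nested 0x50 sigs, returning their types; unhashed data is unauthenticated, so verify each level and bound depth."""
    chain, cur = [], sig
    while len(chain) < max_depth:
        nested = [b for t, b in iter_subpackets(split_sig(cur)[2])
                  if t == EMBEDDED_SIG and b[1:2] == bytes([NOTARY])]
        if not nested:
            break
        cur = nested[0]
        chain.append(cur[1])
    return chain
```

Because the notary signature lives in the unhashed area, the covered signature's hashed bytes and trailer are unchanged, which is what keeps existing verifiers unaffected; the embedded signature itself still has to be verified on its own before it is trusted.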