ietf-openpgp

Re: Let's finish up 0x50 "notary" signatures

2003-10-30 08:41:30

On Thu, Oct 30, 2003 at 06:07:32AM +0000, poiboy(_at_)SAFe-mail(_dot_)net wrote:

> Removing the canonical header replacement for external signing of
> signatures would make it easier to work with many notarized
> signatures. This probably steps on toes, though.

I wouldn't remove the canonical header for hashing the original
signature.  It would be inconsistent with all of the other hashing
rules in the draft.  The only thing that is necessary here is to
specify that the unhashed data in the original signature is not
included in the notary signature.

Specifically, section 5.2.4 currently says:

  When a signature is made over a signature, the hash data starts with
  the octet 0x88, followed by the four-octet length of the signature,
  and then the body of the signature packet.  (Note that this is an
  old-style packet header for a signature packet with the
  length-of-length set to zero).

I would add a sentence between those two that reads something like:

   The unhashed subpacket data of the signature packet being hashed is
   not included in the hash, and the unhashed subpacket data length
   value is set to zero.

The idea here is that the canonical form of a signature to be hashed
has no unhashed subpacket data.

This addresses your first comment as well.  We don't need to specify
what gets hashed into the notary signature, since it is clear that the
entire target signature, minus its unhashed data, is hashed for the
notary signature.

David
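The canonical form proposed above, worked through as an added example (this is illustration code written for this page, not code from the thread, the draft, or any OpenPGP implementation). It assembles a v4 signature packet body, strips the unhashed subpacket area and zeroes its length field, and then prefixes the 0x88 octet and four-octet length to form the hash data for a 0x50 notary signature. The creation time, issuer key ID, left-16-bits value and MPI are constructed sample values, and the notary signature's own signature value is a placeholder since only its hashed fields feed the digest:

```python
import hashlib
import struct

# Constructed sample constants; none of these come from a real key or signature.
SIG_TYPE_BINARY = 0x00       # signature over a binary document
SIG_TYPE_NOTARY = 0x50       # "notary" signature over another signature
PK_ALGO_RSA = 1
HASH_ALGO_SHA256 = 8
SUBPKT_CREATION_TIME = 2
SUBPKT_ISSUER = 16


def subpacket(sp_type, body):
    """Encode one signature subpacket using the one-octet length form."""
    length = len(body) + 1            # the length covers the type octet too
    assert length < 192, "one-octet subpacket length only"
    return bytes([length, sp_type]) + body


def encode_mpi(value):
    """OpenPGP MPI: two-octet bit count followed by the big-endian magnitude."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def build_v4_signature_body(sig_type, hashed_subpackets, unhashed_subpackets,
                            left16, mpis):
    """Assemble a v4 signature packet body (no packet header)."""
    hashed = b"".join(hashed_subpackets)
    unhashed = b"".join(unhashed_subpackets)
    body = bytes([4, sig_type, PK_ALGO_RSA, HASH_ALGO_SHA256])
    body += struct.pack(">H", len(hashed)) + hashed
    body += struct.pack(">H", len(unhashed)) + unhashed
    body += left16
    for m in mpis:
        body += encode_mpi(m)
    return body


def split_v4_signature_body(body):
    """Return (version..hashed subpackets, unhashed subpacket data, rest)."""
    if body[0] != 4:
        raise ValueError("only v4 signature packets are handled here")
    hashed_len = struct.unpack(">H", body[4:6])[0]
    unhashed_len_off = 6 + hashed_len
    unhashed_len = struct.unpack(">H", body[unhashed_len_off:unhashed_len_off + 2])[0]
    unhashed_start = unhashed_len_off + 2
    unhashed_end = unhashed_start + unhashed_len
    if unhashed_end > len(body):
        raise ValueError("truncated signature packet")
    return (body[:unhashed_len_off],
            body[unhashed_start:unhashed_end],
            body[unhashed_end:])          # left 16 bits of hash + MPIs


def canonical_signature_for_hashing(body):
    """Drop the unhashed subpacket data and set its length field to zero."""
    head, _unhashed, tail = split_v4_signature_body(body)
    return head + b"\x00\x00" + tail


def notary_hash_data(target_sig_body):
    """Hash data for a 0x50 signature: 0x88, four-octet length, canonical body."""
    canon = canonical_signature_for_hashing(target_sig_body)
    return b"\x88" + struct.pack(">I", len(canon)) + canon


def notary_digest(target_sig_body, notary_sig_body):
    """Digest the notary signature signs: hash data, its own hashed fields, v4 trailer."""
    head, _, _ = split_v4_signature_body(notary_sig_body)
    trailer = b"\x04\xff" + struct.pack(">I", len(head))
    return hashlib.sha256(notary_hash_data(target_sig_body) + head + trailer).digest()


# Constructed target signature with the issuer in the unhashed area, which is
# where implementations commonly put it, plus the same signature without it.
CREATION_TIME = struct.pack(">I", 0x3FA10000)
ISSUER_KEY_ID = bytes.fromhex("0123456789ABCDEF")
HASHED = [subpacket(SUBPKT_CREATION_TIME, CREATION_TIME)]
LEFT16 = b"\x12\x34"
MPIS = [0x1234]                                   # placeholder signature value

TARGET_SIG = build_v4_signature_body(SIG_TYPE_BINARY, HASHED,
                                     [subpacket(SUBPKT_ISSUER, ISSUER_KEY_ID)],
                                     LEFT16, MPIS)
TARGET_SIG_NO_UNHASHED = build_v4_signature_body(SIG_TYPE_BINARY, HASHED, [],
                                                 LEFT16, MPIS)
NOTARY_SIG = build_v4_signature_body(SIG_TYPE_NOTARY, HASHED, [], LEFT16, MPIS)


def unhashed_data_does_not_matter():
    """The point of the proposed sentence: unhashed data never affects the notary hash."""
    return notary_hash_data(TARGET_SIG) == notary_hash_data(TARGET_SIG_NO_UNHASHED)


if __name__ == "__main__":
    print(notary_hash_data(TARGET_SIG).hex())
    print(unhashed_data_does_not_matter())
```

Because the unhashed area is dropped before hashing, anyone can later add or remove unhashed subpackets on the target signature (an issuer, for example) without invalidating the notary signature over it, which is the property the message is after.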