Back in July of last year, we discussed what the right way to hash
such constructions as
SIGNATURE + COMPRESSED(LITERAL)
Thus raising the question whether the signature is on the literal
packet, or the compressed packet that holds the literal packet. It
seems that some software actually generates this.
Anyway, the answer (you hash the compressed packet) seemed to be
fairly uncontroversial, and so I'd like to suggest some language to
say so in 2440bis.
Section 5.2.4 says:
The signature data is simple to compute for document signatures
(types 0x00 and 0x01), for which the document itself is the data.
How about:
The signature data is simple to compute for document signatures
(types 0x00 and 0x01), for which the document itself is the data.
When the document is not represented as a Literal Message, the
entire OpenPGP Message is the data. See section 10.2 for the
formal definition of Literal and OpenPGP messages.
Does this introduce a problem with detached signatures?
David