In 5.2.1:
"0x10: Generic certification of a User ID and Public Key packet."
Does this mean that the signature is over the User ID packet and the
Public Key packet, concatenated, in that order? Or what?
Also, what on earth does:
Note that all PGP "key signatures" are this type of
certification.
mean?
In 5.2.2:
"The data being signed is hashed, and then the signature type and
creation time from the signature packet are hashed (5 additional
octets)."
is unclear, suggest:
"The concatenation of the data to be signed, the signature type and
creation time from the signature packet (5 additional octets) is hashed."
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff