Ian Grigg wrote:
On Thursday 30 June 2005 11:30, Werner Koch wrote:
On Thu, 30 Jun 2005 09:27:40 +0100, Ben Laurie said:
I see it is reserved "for backward compatibility". I'm curious to
know: what's in this packet? Is it documented somewhere?
SIGSUBPKT_ARR =10, /* additional recipient request */
aka additional decrytpion key.
A little background. This was added by the old
PGP Inc company for commercial users so as to
escrow email. If a key had this subpacket, you
would encrypt to that additional key as well.
The notion was that it should go
in the standard, but that was politically charged
at the time - indeed Loius Freeh stood up in
front of Congress and used this very feature as
proof that it was possible to force all crypto
programs to escrow messages for the FBI...
The compromise that was reached was that it
not be documented in the standard. I don't
know if GPG implements it, or even if it the PGP
line still includes it. I think architecturally speaking,
such a feature is better off in the proxy products,
and layered over the top at the admin level
rather than put in the tech. I think it is relatively
safe to ignore it.
Aha. Well, I'd like to be able to extract the data, just for
completeness. Does anyone have a format for the packet?
Cheers,
Ben.
--
>>>ApacheCon Europe<<< http://www.apachecon.com/
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff