ietf-openpgp

Re: Cleartext Signatures

2005-10-10 07:40:22

On Mon, Oct 10, 2005 at 11:43:05AM +0100, Ben Laurie wrote:

> Section 7 says that the last bit of a cleartext signature is:
>
> "The ASCII armored signature(s) including the '-----BEGIN PGP
> SIGNATURE-----' Armor Header and Armor Tail Lines."
>
> This is ambiguous, since in previous sections "Armor Header" has
> referred to name/value pairs, of which there could be none or more than
> one, and not the "-----blah-----" line, which is called the "Armor
> Header Line".
>
> Since I have seen signatures both with and without headers (i.e. some
> with no headers do not have a blank line between the header line and the
> armoured text), I'd like to know what is actually correct here!

Most implementations that I have encountered or written use headers in the
signature part of clearsigned documents and in the absence of any still
leave an empty line. I think this is the correct behavior, though the
"be liberal in what you accept and conservative in what you send" mantra
would imply that implementations MAY accept signatures without an empty
line, but MUST NOT generate them.

I also have a question regarding clearsigned documents. Are multiple
signatures in clearsigned documents supported by OpenPGP (the fact that
multiple hash algorithms are allowed suggests that they are)? And if so, how
exactly? I would put all of them in a single armored signature block, but
the standard does not explicitly specify this or any other method.

-- 
Daniel
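
The "accept without an empty line, never generate without one" reading discussed in this message, as an added example that is not part of the original thread or of any OpenPGP implementation. The function names, the sample `Version` value and the placeholder armored text are constructed for illustration; rejecting headers that run straight into the data is a choice made for this example.

```python
import re

BEGIN = "-----BEGIN PGP SIGNATURE-----"   # Armor Header Line
END = "-----END PGP SIGNATURE-----"       # Armor Tail Line
# Armor Header: "Key: Value". ':' and ' ' never occur in base64 text, so a
# header cannot be confused with the first line of armored data.
HEADER_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*): (.*)$")
BASE64_RE = re.compile(r"^[A-Za-z0-9+/=]+$")

def parse_signature_armor(text):
    """Return (headers, body_lines, had_blank_line) for one signature block."""
    lines = [ln.rstrip() for ln in text.strip().splitlines()]
    if len(lines) < 2 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing Armor Header Line or Armor Tail Line")
    inner = lines[1:-1]
    headers, i = [], 0
    while i < len(inner) and (m := HEADER_RE.match(inner[i])):
        headers.append((m.group(1), m.group(2)))
        i += 1
    had_blank = i < len(inner) and inner[i] == ""
    if had_blank:
        i += 1
    elif headers:
        # Example policy: only the zero-header case may omit the empty line.
        raise ValueError("Armor Headers not terminated by an empty line")
    body = inner[i:]
    if not body or not all(BASE64_RE.match(ln) for ln in body):
        raise ValueError("armored text is empty or not base64")
    return headers, body, had_blank

def emit_signature_armor(headers, body_lines):
    """Conservative writer: the empty line is emitted even with zero headers."""
    out = [BEGIN] + [f"{k}: {v}" for k, v in headers]
    out.append("")
    return "\n".join(out + list(body_lines) + [END]) + "\n"

# Constructed sample input; BODY is placeholder base64, not a real signature.
BODY = "AAECAwQFBgcICQ=="
WITH_HEADERS = f"{BEGIN}\nVersion: Example 1.0\n\n{BODY}\n{END}\n"
NO_BLANK = f"{BEGIN}\n{BODY}\n{END}\n"           # tolerated on input only
HEADERS_NO_BLANK = f"{BEGIN}\nVersion: Example 1.0\n{BODY}\n{END}\n"

if __name__ == "__main__":
    for sample in (WITH_HEADERS, NO_BLANK):
        headers, body, had_blank = parse_signature_armor(sample)
        print(headers, had_blank)
        print(emit_signature_armor(headers, body), end="")
```
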