ietf-openpgp

Re: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)

2005-10-11 21:44:51

On Tue, Oct 11, 2005 at 06:11:27PM -0400, David Shaw wrote:

> Yes, they are supported, and putting all of them in a single
> armored signature block is the way to do it.  Section 7 refers to "The
> ASCII armored signature(s)" in the signature block.  The text seems
> reasonably clear to me - what is not good here?

Some details are missing. For instance, is the order salient? One-pass
signatures have to be bracketed, and clearsigned documents are supposed to be
verifiable in one pass as well. But it does not necessarily imply that the
hash algorithms should be listed in reverse signature order in the
beginning. Actually, the standard says very little on how to go about it. It
would definitely help one-pass verification, if signatures that refer to
other signatures (e.g. notarization sigs) were mandated to either follow or
precede the signatures they are referring to. Both solutions have their
benefits, but deciding one way or another would be better than allowing
arbitrary order. It would be nice to have a paragraph or two elaborating on
these issues.

-- 
Daniel
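
To make the ordering question in the message above concrete, here is an added example (not part of the original post and not taken from any OpenPGP implementation). It reads the `Hash:` armor header of a clearsigned message, walks the signature packets in the single armored block, and reports how the declared hash order relates to the signature order; it only reports the relation and enforces nothing. The sample message, the dummy signature packets and the function names are constructed for illustration.

```python
import base64

HASH_IDS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 9: "SHA384", 10: "SHA512"}

def sig_packet(hash_id):
    # Constructed, unverifiable v4 signature: type 0x01 (text), RSA, no subpackets, dummy MPI.
    body = bytes([4, 0x01, 1, hash_id, 0, 0, 0, 0, 0xAB, 0xCD, 0, 1, 1])
    return bytes([0x88, len(body)]) + body  # old-format header: tag 2, one-octet length

def packets(data):
    i = 0
    while i < len(data):
        hdr = data[i]; i += 1
        if hdr & 0x40:  # new-format header
            tag, o = hdr & 0x3F, data[i]; i += 1
            if o < 192: n = o
            elif o < 224: n = ((o - 192) << 8) + data[i] + 192; i += 1
            elif o == 255: n = int.from_bytes(data[i:i + 4], "big"); i += 4
            else: raise ValueError("partial body length not handled")
        else:  # old-format header
            tag, lt = (hdr >> 2) & 0x0F, hdr & 3
            if lt == 3: raise ValueError("indeterminate length not handled")
            n = int.from_bytes(data[i:i + (1 << lt)], "big"); i += 1 << lt
        yield tag, data[i:i + n]; i += n

def inspect(msg):
    lines = msg.splitlines()
    sig = lines.index("-----BEGIN PGP SIGNATURE-----")
    end = lines.index("-----END PGP SIGNATURE-----")
    declared = []
    for ln in lines[lines.index("-----BEGIN PGP SIGNED MESSAGE-----") + 1:sig]:
        if not ln: break  # blank line ends the armor headers; cleartext follows
        if ln.startswith("Hash:"):
            declared += [h.strip().upper() for h in ln[5:].split(",")]
    body = lines[sig + 1:end]
    body = body[body.index("") + 1:]  # skip the signature block's armor headers
    raw = base64.b64decode("".join(l for l in body if not l.startswith("=")))  # drop CRC line
    used = [HASH_IDS.get(b[3], "id%d" % b[3]) for t, b in packets(raw) if t == 2 and b[0] == 4]
    return {"declared": declared, "used": used, "reverse_order": declared == used[::-1],
            "undeclared": [h for h in used if h not in declared]}

def build_sample():
    # Constructed message: two signatures (SHA1 first, then SHA256) in one armored block.
    armor = base64.b64encode(sig_packet(2) + sig_packet(8)).decode()
    return "\n".join(["-----BEGIN PGP SIGNED MESSAGE-----", "Hash: SHA256, SHA1", "",
                      "constructed sample text", "-----BEGIN PGP SIGNATURE-----", "",
                      armor, "-----END PGP SIGNATURE-----"])
```

A non-empty `undeclared` list is the case that breaks one-pass verification: the verifier reaches a signature whose digest it was never told to compute while streaming the text.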
