Hello vedaal,
vhc> do not know what is 'correct',
vhc> but do know what is *compatible*
vhc> using the sample keypairs that were posted here,
vhc> here is an example of a message signed by both sample keys, and
vhc> encrypted to one of them,
vhc> with both signatures verifiable as 'good'
vhc> by both gnupg and pgp :
Thank you for your investigations, i'll look over the resulting file with our
implementation (SBB).
vhc> afaik,
vhc> gnupg is the only open-pgp implementation that can produce multiple
vhc> simultaneous signatures
vhc> in order for other implementations to do so too,
vhc> there should be some clear directions in rfc 2440 as to how to do
vhc> so in a way that would be compatible to all open-pgp programs
Yes, i also think that this situation must be reviewed in 2440.
--
Best regards,Nickolay mailto:<ni4(_at_)ukr(_dot_)net>