ietf-openpgp
[Top] [All Lists]

Re: Multiple OpenPGP messages per file: legal or not?

2007-10-08 07:21:49

Quoting David Shaw <dshaw(_at_)jabberwocky(_dot_)com>:

I think the spec does define this.  It defines all of those items that
you mention in the grammar in section 11.3.  Any OpenPGP-compliant
application should be able to write such a message in such a way that
any other OpenPGP-complaint application can read it, or one or both of
the implementations aren't OpenPGP compliant.

What the spec doesn't define is whether an application must process an
"OpenPGP Message, OpenPGP Message" -- two messages concatenated
together.  There is an assumption in the spec that a single stream
contains a single message, and in fact there are some legal ways to
encode data that actually require a single stream to contain a single
message.

This doesn't mean that an application can't read concatenated messages
(when possible) if it chooses to, of course, though it should be
careful about generating them, as there is no guarantee that the
recipient can read them.

I know for a fact that the PGP implementation of OpenPGP can certainly
handle multiple ascii-armored messages in a single "file".  But I'm
pretty sure that it will NOT handle multiple "binary" messages in a single
"file".

David

-derek

--
      Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
      Member, MIT Student Information Processing Board  (SIPB)
      URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
      warlord(_at_)MIT(_dot_)EDU                        PGP key available