ietf-openpgp

Re: [openpgp] Chunked OpenPGP streams

2015-12-30 08:28:31
Hi,

On Wed, 30 Dec 2015 at 14:01:46 +0100, Nils Durner wrote:
>> I wonder if chunked streams could make their way to RFC4880bis instead.
>> The verification mechanism (MDC or data signature) would be added to
>> each chunk using the intermediate hash value,
>
> I think this goes in the same direction that OAED or online
> authenticating cipher modes are being considered for - see the recording
> of the last IETF meeting at
> http://recs.conf.meetecho.com/Playout/watch.jsp?recording=IETF94_OPENPGP&chapter=chapter_1

Thanks for the pointer.  I think however that this could be useful for
detached sigs, too.  For instance assuming a remote tarball, a local
detached signature, and an OpenPGP implementation that would copy
*verified* data to the output File Descriptor, one could write

    ssh remote.example.org cat /path/to/backup |
    gpg --verify /path/to/backup.sig - |
    tar -x

without fear of race condition and without the inconvenience of creating
a temporary local file.

Cheers,
-- 
Guilhem.


_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
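
The per-chunk verification discussed in the message above, as an added example that is not part of the original post or of any OpenPGP implementation: each chunk carries a tag over the intermediate hash of all data so far, and a reader releases a chunk downstream only after its tag verifies. The record layout, the function names, the demo key, and the use of HMAC-SHA256 as a stand-in for the MDC or data signature are assumptions made for illustration.

```python
import hashlib, hmac, io, struct

TAG_LEN, MAX_CHUNK = 32, 1 << 20  # HMAC-SHA256 tag size; cap on declared chunk length
DEMO_KEY = bytes(32)              # constructed key, for the demonstration only

class VerificationError(Exception):
    pass

def _tag(key, running, final):
    # The tag binds the intermediate hash of all data so far plus the final-chunk flag.
    return hmac.new(key, running.copy().digest() + bytes([final]), hashlib.sha256).digest()

def write_chunked(key, data, out, chunk_size=4):
    """Emit records laid out as: flag(1) | length(4) | chunk | tag(32)."""
    running = hashlib.sha256()
    chunks = [data[i:i + chunk_size] for i in range(0, len(data), chunk_size)] or [b""]
    for n, chunk in enumerate(chunks):
        final = int(n == len(chunks) - 1)
        running.update(chunk)
        out.write(struct.pack(">BI", final, len(chunk)) + chunk + _tag(key, running, final))

def read_verified(key, src):
    """Yield each chunk only after its tag verifies; raise on tampering or truncation."""
    running = hashlib.sha256()
    while True:
        header = src.read(5)
        if len(header) != 5:
            raise VerificationError("stream ended before the final chunk")
        final, length = struct.unpack(">BI", header)
        if length > MAX_CHUNK:  # the length field is untrusted until the tag checks out
            raise VerificationError("declared chunk length too large")
        chunk, tag = src.read(length), src.read(TAG_LEN)
        if len(chunk) != length or len(tag) != TAG_LEN:
            raise VerificationError("truncated record")
        running.update(chunk)
        if not hmac.compare_digest(tag, _tag(key, running, final)):
            raise VerificationError("chunk tag mismatch")
        yield chunk
        if final:  # without an authenticated final flag, truncation would go unnoticed
            return

def release(key, stream):
    """Return (bytes released downstream, whether the whole stream verified)."""
    released = bytearray()
    try:
        for chunk in read_verified(key, io.BytesIO(stream)):
            released += chunk
    except VerificationError:
        return bytes(released), False
    return bytes(released), True
```

A consumer at the end of such a pipe still receives the verified prefix before a later chunk fails, so it has to treat the verifier's failure status as a signal to discard what it has already unpacked.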