Re: limitations of mime-pem transformation

On Wed, 14 Dec 1994, Steve Crocker wrote:

1. It ought to be possible to have multiple signatures within the signature
body without extra encapsulation.  The syntax needs to be examined to make
sure this is possible, but there's no reason, in principle, why the sender
cannot put more than one signature to the signature section.

2. The semantics of multiple signatures is not defined.  It might mean:

2a. Two people both approved and vouch for the document.

2b. One person signed with two forms of signature, e.g. a DSS and a RSA
signature, to facilitate acceptance by a wide range of recipients.

2c. Something yet different.


FWIW, I'd pick a combination between 2a and 2b.  If two people are necessary
to vouch for a document, then use a nested multipart structure.  Formally,

        Multiple signatures within a single multipart are co-equal.  That
        is, a single signature check is required for the document to be
        considered "signed".  Implementations should check all signatures
        and display name information where possible.  A warning should
        be issued if one of the signatures uses a method which is not
        understood by the implementation.  This method can also be used
        where only one out of a group of people is necessary to justify
        that the document is valid.  When multiple signatures are required
        (e.g. two people are required to sign the same document), nested
        multipart structures should be used.

Although I must say that I'm very hesitant on the "co-equal" clause
above.  I could forge a message which contains a pseudo-signature for
someone using an algorithm like DSS which isn't highly supported, and then
add my own signature using RSA.  The recipient could be fooled into
believing that it has been signed by both of us and that he just can't
check the DSS signature at the moment with his software.

Admitedly this is a weird situation.  I expect that the main use would be
to include both a PGP and a PEM signature for the same person.  Maybe we
should separate the signature from the name information?  i.e. put the
actual signature and the corresponding public key in one body part, and
then the PGP and PEM certificates in another.  Then there is only a
single signature value, but two different ways of identifying it.

Cheers,

Rhys.
-- 
Rhys Weatherley, Queensland University of Technology, Brisbane, Australia.
E-mail: rhys(_at_)fit(_dot_)qut(_dot_)edu(_dot_)au  "net.maturity is knowing 
when NOT to followup"

<Prev in Thread]	Current Thread	[Next in Thread>
limitations of mime-pem transformation, solo Re: limitations of mime-pem transformation, James M Galvin Re: limitations of mime-pem transformation, Ned Freed Re: limitations of mime-pem transformation, Steve Crocker Re: limitations of mime-pem transformation, solo Re: limitations of mime-pem transformation, Ned Freed Re: limitations of mime-pem transformation, solo Re: limitations of mime-pem transformation, Valdis . Kletnieks Re: limitations of mime-pem transformation, Mr Rhys Weatherley <= Re: limitations of mime-pem transformation, Steve Kent Re: limitations of mime-pem transformation, Ned Freed Re: limitations of mime-pem transformation, Steve Kent Re: limitations of mime-pem transformation, Jeff Thompson Re: limitations of mime-pem transformation, vitor Re: limitations of mime-pem transformation, James M Galvin Re: limitations of mime-pem transformation, Steve Kent Re: limitations of mime-pem transformation, Jeff Thompson Re: hiding public key (was: limitations of mime-pem transformation), James M Galvin Re: hiding public key (was: limitations of mime-pem transformation), Jeff Thompson

Previous by Date:	Re: section 4.2.1 Authority Key Identifier, Jueneman
Next by Date:	Re: limitations of mime-pem transformation, Steve Crocker
Previous by Thread:	Re: limitations of mime-pem transformation, Valdis . Kletnieks
Next by Thread:	Re: limitations of mime-pem transformation, Steve Kent
Indexes:	[Date] [Thread] [Top] [All Lists]