On Thu, 5 Jan 1995, Stefan Monnier wrote:
Also I (again) feel like the "next" parts could be used for additional
signature parts, and even though I can see how to move the key-data out of
the security part, I fail to see how to move additional signatures out of it
(without forcing nested sigs). Of course it might be possible to mix sigs
and key data parts...
Under my proposal, you can get what you want. The "protocol" parameter
indicates what Content-Types are signature parts. The rest are assumed to
be key data parts. So, you could have:
Content-Type: multipart/signed; boundary=blah; micalg=rsamd5;
protocol="application/pem-signature,application/pgp-signature"
--blah
Content-Type: ...
....
--blah
Content-Type: application/pem-signature
....
--blah
Content-Type: application/pgp-signature
....
--blah
Content-Type: application/pemkey-data
....
--blah
Content-Type: application/pgpkey-data
....
--blah--
Those last 4 blocks can be mixed up a bit too if you want. There may be
some advantage to single-pass processing by putting the key data before the
signature data, but I haven't thought of that very hard yet. For purely
political reasons, some implementors may prefer to put the PGP blocks
before the PEM blocks. :-)
Note: the current draft I have would also have to be modified to allow
a comma-separated list for the "protocol" parameter. Currently that isn't
allowed.
Cheers,
Rhys.
--
Rhys Weatherley, Queensland University of Technology, Brisbane, Australia.
E-mail: rhys(_at_)fit(_dot_)qut(_dot_)edu(_dot_)au "net.maturity is knowing
when NOT to followup"