[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ISSUE: misleading hash instructions

To: David Shaw <dshaw@xxxxxxxxxxxxxxx>
Subject: Re: ISSUE: misleading hash instructions
From: Jon Callas <jon@xxxxxxxxxx>
Date: Tue, 11 Oct 2005 12:21:18 -0700
Cc: ietf-openpgp@xxxxxxx
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
References: <>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx

On 27 Aug 2005, at 6:59 AM, David Shaw wrote:


This one is really easy to fix.  In section 5.2.4 (Computing
Signatures), the paragraph ordering implies incorrect things about a
user ID certification signature (which hashes the public key plus user
ID packet).  The description of a user ID certification signature
refers to "the data above", which given the paragraph ordering, is how
to hash a signature for signing, and not a public key.

If we just switch the position of the paragraph beginning "When a
signature is made over a signature packet" with the paragraph
beginning "A certification signature (type 0x10 through 0x13)" the
problem goes away.

Fixed.

Jon

References:
- ISSUE: misleading hash instructions
  - From: David Shaw

Prev by Date: Re: Cleartext Signatures
Next by Date: WGLC for draft-ietf-openpgp-openpgp-15 ends Oct 28 1700EDT
Previous by thread: ISSUE: misleading hash instructions
Next by thread: Encrypt subject
Index(es):
- Date
- Thread