Re: Timestamp and 3rd party sig
Daniel A. Nagy writes:
> Since I am currently implementing an OpenPGP compliant timestamping service,
> I would like to solicit opinions on the issue even without suggesting
> immediate changes to the standard. In particular, I would like to know how
> various implementations treat 0x40 signatures when encountering them during
> signature verification?
Looking at the commercial PGP parsing code, it doesn't look like it
will handle these signatures very well if they occur in a document.
In a key ring I think it will just ignore them, but in a document it
only expects type 0 or 1 signatures. Anything above that is assumed
to be a key signature, in the document parsing code, and it will divert
to the key signature parsing code; but it does not expect to find a key
signature except following other key ring packets. So it will trigger
a parsing error and the message will be rejected as malformed.
This code has worked like this for a number of years so there is probably
a substantial installed base.
Hal Finney
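
Added example, not part of the original message and not code from PGP or any other implementation: a small Python model of the document-context dispatch described above, next to a hypothetical tolerant variant that skips a 0x40 signature instead of failing. The function names and the sample packet bytes are constructed for illustration; the packets are cut off after the fields the parser reads.

```python
# Added illustration; not taken from PGP or any other implementation.
DOC_TYPES = (0x00, 0x01)   # binary and canonical-text document signatures
TIMESTAMP = 0x40           # the signature type asked about in the thread

def signature_type(packet: bytes) -> int:
    """Return the signature-type octet of one OpenPGP signature packet (tag 2)."""
    if len(packet) < 2 or not packet[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if packet[0] & 0x40:                       # new-format header
        tag, first = packet[0] & 0x3F, packet[1]
        if first < 192:
            body = 2                           # one-octet length
        elif first < 224:
            body = 3                           # two-octet length
        elif first == 255:
            body = 6                           # five-octet length
        else:
            raise ValueError("partial body length not expected here")
    else:                                      # old-format header
        tag = (packet[0] >> 2) & 0x0F
        body = 1 + (1, 2, 4, 0)[packet[0] & 0x03]
    if tag != 2:
        raise ValueError("not a signature packet")
    if len(packet) < body + 3:
        raise ValueError("truncated signature packet")
    version = packet[body]
    if version == 3:
        return packet[body + 2]                # version, hashed length, type
    if version == 4:
        return packet[body + 1]                # version, type
    raise ValueError("unsupported signature version")

def strict_document_dispatch(sig_type: int) -> str:
    """Model of the described behaviour: anything but type 0 or 1 is rejected."""
    return "verify" if sig_type in DOC_TYPES else "reject-malformed"

def tolerant_document_dispatch(sig_type: int) -> str:
    """Hypothetical alternative: skip a 0x40 signature instead of failing."""
    if sig_type == TIMESTAMP:
        return "skip-unverified"
    return strict_document_dispatch(sig_type)

# Constructed sample packets, cut off after the fields read above.
SAMPLE_TIMESTAMP = bytes.fromhex("c206044011020000")    # v4, type 0x40
SAMPLE_DOCUMENT = bytes.fromhex("880703050000000000")   # v3, type 0x00

if __name__ == "__main__":
    for pkt in (SAMPLE_DOCUMENT, SAMPLE_TIMESTAMP):
        t = signature_type(pkt)
        print(hex(t), strict_document_dispatch(t), tolerant_document_dispatch(t))
```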