Re: Timestamp and 3rd party sig
hal@finney.org ("Hal Finney") Mon, 17 July 2006 17:32 UTC
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G2WxW-0007Up-65 for openpgp-archive@lists.ietf.org; Mon, 17 Jul 2006 13:32:42 -0400
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G2WxU-0002QE-RB for openpgp-archive@lists.ietf.org; Mon, 17 Jul 2006 13:32:42 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k6HGcZtX055936; Mon, 17 Jul 2006 09:38:35 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k6HGcZWV055935; Mon, 17 Jul 2006 09:38:35 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k6HGcY4O055928 for <ietf-openpgp@imc.org>; Mon, 17 Jul 2006 09:38:35 -0700 (MST) (envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500) id 771E657FD1; Mon, 17 Jul 2006 08:32:54 -0700 (PDT)
To: ietf-openpgp@imc.org
Subject: Re: Timestamp and 3rd party sig
Message-Id: <20060717153254.771E657FD1@finney.org>
Date: Mon, 17 Jul 2006 08:32:54 -0700
From: hal@finney.org
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 798b2e660f1819ae38035ac1d8d5e3ab
Daniel A. Nagy writes: > Since I am currently implementing an OpenPGP compliant timestamping service, > I would like to solicit opinions on the issue even without suggesting > immediate changes to the standard. In particular, I would like to know how > various implementations treat 0x40 signatures when encountering them during > signature verification? Looking at the commercial PGP parsing code, it doesn't look like it will handle these signatures very well if they occur in a document. In a key ring I think it will just ignore them, but in a document it only expects type 0 or 1 signatures. Anything above that is assumed to be a key signature, in the document parsing code, and it will divert to the key signature parsing code; but it does not expect to find a key signature except following other key ring packets. So it will trigger a parsing error and the message will be rejected as malformed. This code has worked like this for a number of years so there is probably a substantial installed base. Hal Finney
- Timestamp and 3rd party sig Rick van Rein
- Re: Timestamp and 3rd party sig Werner Koch
- Re: Timestamp and 3rd party sig Daniel A. Nagy
- Re: Timestamp and 3rd party sig Greg Sabino Mullane
- Re: Timestamp and 3rd party sig "Hal Finney"
- Re: Timestamp and 3rd party sig David Shaw