Notary signature implementation notes
David Shaw <dshaw@jabberwocky.com> Mon, 19 August 2002 17:59 UTC
Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA11228 for <openpgp-archive@odin.ietf.org>; Mon, 19 Aug 2002 13:59:14 -0400 (EDT)
Received: by above.proper.com (8.11.6/8.11.3) id g7JHqcs14181 for ietf-openpgp-bks; Mon, 19 Aug 2002 10:52:38 -0700 (PDT)
Received: from claude.kendall.akamai.com (akafire.akamai.com [65.202.32.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g7JHqbn14177 for <ietf-openpgp@imc.org>; Mon, 19 Aug 2002 10:52:37 -0700 (PDT)
Received: (from dshaw@localhost) by claude.kendall.akamai.com (8.11.6/8.11.6) id g7JHqXr09314 for ietf-openpgp@imc.org; Mon, 19 Aug 2002 13:52:33 -0400
Date: Mon, 19 Aug 2002 13:52:33 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Notary signature implementation notes
Message-ID: <20020819175233.GA9174@akamai.com>
Mail-Followup-To: ietf-openpgp@imc.org
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="6c2NcOVqGQ03X4Wi"
Content-Disposition: inline
X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
X-URL: http://www.jabberwocky.com/
X-Phase-Of-Moon: The Moon is Waxing Gibbous (90% of Full)
User-Agent: Mutt/1.5.1i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Hi folks, I recently roughed in some support for notary signatures in GnuPG. Here are some samples. The first attachment is the file the original signature was issued on. The second attachment is a detached signature on that file. The third attachment is a v4 0x50 signature on that signature, and the final attachment is a v3 0x50. All of these signatures were issued by key 0xD8B2D20C, currently on a friendly keyserver near you. I used the canonicalization rules Hal Finney suggested in http://www.imc.org/ietf-openpgp/mail-archive/msg04021.html except I used the constant 0x88 rather than 0x84 for the canonical CTB. I believe 0x84 was a typo since that would be a CTB for a session key packet. It was suggested that notary signatures always contain a signature target subpacket. After implementing notary signatures, I'm not sure how useful this would be given the current signature target subpacket. To create the subpacket, the notary needs to have the public key of the signer of the original signature in order to get the raw hash out of the original signature. That harms somewhat the nice feature of a notary signature that the notary does not need to know anything about the original document and its signer. One possible solution to this is to define the signature target subpacket as a canonical hash of the original signature rather than as the actual hash from the original signature. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson
- Notary signature implementation notes David Shaw