Re: I-D ACTION:draft-ietf-openpgp-rfc2440bis-06.txt

David Shaw <> Mon, 12 August 2002 21:11 UTC

Received: from ( []) by (8.9.1a/8.9.1a) with ESMTP id RAA11622 for <>; Mon, 12 Aug 2002 17:11:23 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by (8.11.6/8.11.3) id g7CL2Rt29676 for ietf-openpgp-bks; Mon, 12 Aug 2002 14:02:27 -0700 (PDT)
Received: from ( []) by (8.11.6/8.11.3) with ESMTP id g7CL2Qw29672 for <>; Mon, 12 Aug 2002 14:02:26 -0700 (PDT)
Received: (from dshaw@localhost) by (8.11.6/8.11.6) id g7CL2Nj05405 for; Mon, 12 Aug 2002 17:02:23 -0400
Date: Mon, 12 Aug 2002 17:02:23 -0400
From: David Shaw <>
To: OpenPGP <>
Subject: Re: I-D ACTION:draft-ietf-openpgp-rfc2440bis-06.txt
Message-ID: <>
Mail-Followup-To: OpenPGP <>
References: <> <> <> <002001c2423c$5aa79bc0$>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <002001c2423c$5aa79bc0$>
X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
X-Phase-Of-Moon: The Moon is Waxing Crescent (22% of Full)
User-Agent: Mutt/1.5.1i
Precedence: bulk
List-Archive: <>
List-Unsubscribe: <>
List-ID: <>

On Mon, Aug 12, 2002 at 04:10:48PM -0400, Michael Young wrote:

> From: "David Shaw" <>
> > 2440bis seems to say that v4 signatures require (MUST) an issuer subpacket 
> ...
> > Come to think, both PGP and GnuPG create v4 signatures with a hashed
> > timestamp, and an unhashed issuer.  Are they compliant? ;)
> I don't think that the specification should require either.  It would be
> fair to note that many implementations will be unable (or unwilling) to
> interpret a signature without these things.
> But even if the issuer remains a MUST, it certainly doesn't need
> to be in the hashed material.  As it stands, the specification doesn't
> say so exactly -- it merely suggests that they should be the first two
> subpackets, which is silly if the timestamp is hashed but the issuer
> is not.  I would just excise the suggestion entirely.

2440bis does say (well, imply) that they are both hashed.  In section
5.2.3. ("Version 4 Signature Packet Format"), it says that the hashed
section is made up of "two or more" subpackets, and the unhashed
section is made up of "zero or more" subpackets.  Given the language
elsewhere, I assume that these two hashed subpackets are the required
issuer and timestamp.

I agree with you though - I think that a signature should not require
any subpacket to be present (SHOULD perhaps, but not MUST).


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson