Multisig (was: OpenPGP Minutes / Quick Summary)
Werner Koch <wk@gnupg.org> Mon, 21 August 2006 19:22 UTC
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GFFMM-0007VK-8W for openpgp-archive@lists.ietf.org; Mon, 21 Aug 2006 15:22:54 -0400
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GFFMK-0006bT-Tm for openpgp-archive@lists.ietf.org; Mon, 21 Aug 2006 15:22:54 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7LJ3Oav082122; Mon, 21 Aug 2006 12:03:24 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7LJ3Onh082121; Mon, 21 Aug 2006 12:03:24 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7LJ3JtU082085 for <ietf-openpgp@imc.org>; Mon, 21 Aug 2006 12:03:21 -0700 (MST) (envelope-from wk@gnupg.org)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.50 #1 (Debian)) id 1GFFBX-0004yd-NM for <ietf-openpgp@imc.org>; Mon, 21 Aug 2006 21:11:43 +0200
Received: from wk by localhost with local (Exim 4.62 #1 (Debian)) id 1GFEzv-00084L-N3; Mon, 21 Aug 2006 20:59:43 +0200
From: Werner Koch <wk@gnupg.org>
To: derek@ihtfp.com, ietf-openpgp@imc.org
Subject: Multisig (was: OpenPGP Minutes / Quick Summary)
References: <sjmveq2foz6.fsf@cliodev.pgp.com> <20060805213931.GA14257@lavazza.does-not-exist.org> <20060821171452.GG17407@raktajino.does-not-exist.org> <20060821133937.0mvvxpb552ggog80@webmail.mit.edu> <20060821174256.GH17407@raktajino.does-not-exist.org>
Mail-Followup-To: derek@ihtfp.com, ietf-openpgp@imc.org
Organisation: g10 Code GmbH
OpenPGP: id=5B0358A2; url=finger:wk@g10code.com
Date: Mon, 21 Aug 2006 20:59:43 +0200
In-Reply-To: <20060821174256.GH17407@raktajino.does-not-exist.org> (Thomas Roessler's message of "Mon, 21 Aug 2006 19:42:56 +0200")
Message-ID: <87pset3of4.fsf_-_@wheatstone.g10code.de>
User-Agent: Gnus/5.110006 (No Gnus v0.6)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0bc60ec82efc80c84b8d02f4b0e4de22
On Mon, 21 Aug 2006 19:42, Thomas Roessler said: Users should be aware of the fact that each individual signature can be broken out and used to create a valid "multipart/signed" body according to the underlying protocol and RFC 1847. Assuming that parallel signatures are used to give extra security in case one of the protocols or algorithms has been broken, this indeed a problem. A solution is easy: The protocols and algorithms used to make up the signatures need to be hashed with the content. For example by an extra header line in the first part. When verifying the signatures an application can easily detect whether a signature has been removed and present an appropriate warning (also considering the algorithms deemed to be broken at the time of verification). Obviously this requires that either all signatures are created at the same time or forehand knowledge of the signatures to be added later is required. Shalom-Salam, Werner
- OpenPGP Minutes / Quick Summary Derek Atkins
- Re: OpenPGP Minutes / Quick Summary Ian G
- Re: OpenPGP Minutes / Quick Summary Sam Hartman
- Re: OpenPGP Minutes / Quick Summary vedaal
- Re: OpenPGP Minutes / Quick Summary Daniel A. Nagy
- Re: OpenPGP Minutes / Quick Summary Brian G. Peterson
- Re: OpenPGP Minutes / Quick Summary Cat Okita
- Re: OpenPGP Minutes / Quick Summary Derek Atkins
- Re: OpenPGP Minutes / Quick Summary Ian G
- Re: OpenPGP Minutes / Quick Summary Derek Atkins
- Re: OpenPGP Minutes / Quick Summary Werner Koch
- Re: OpenPGP Minutes / Quick Summary David Shaw
- Re: OpenPGP Minutes / Quick Summary Hironobu SUZUKI
- Re: OpenPGP Minutes / Quick Summary Jon Callas
- Re: OpenPGP Minutes / Quick Summary Thomas Roessler
- Re: OpenPGP/MIME changes Brian G. Peterson
- Re: OpenPGP Minutes / Quick Summary Cat Okita
- Re: OpenPGP Minutes / Quick Summary Peter Gutmann
- Re: OpenPGP/MIME changes Jon Callas
- Re: OpenPGP Minutes / Quick Summary vedaal
- Re: OpenPGP Minutes / Quick Summary Jon Callas
- Re: OpenPGP Minutes / Quick Summary Thomas Roessler
- Re: OpenPGP/MIME changes Thomas Roessler
- Re: OpenPGP Minutes / Quick Summary Thomas Roessler
- Re: OpenPGP Minutes / Quick Summary Derek Atkins <derek@ihtfp.com>
- Re: OpenPGP Minutes / Quick Summary Thomas Roessler
- Re: OpenPGP Minutes / Quick Summary Jon Callas
- Multisig (was: OpenPGP Minutes / Quick Summary) Werner Koch