Re: Multiple signatures over a document
Jon Callas <jon@callas.org> Wed, 11 October 2006 20:10 UTC
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GXkPE-00054u-8R for openpgp-archive@lists.ietf.org; Wed, 11 Oct 2006 16:10:20 -0400
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GXkPA-00020n-Q5 for openpgp-archive@lists.ietf.org; Wed, 11 Oct 2006 16:10:20 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k9BJgqCu033181; Wed, 11 Oct 2006 12:42:52 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k9BJgqWu033180; Wed, 11 Oct 2006 12:42:52 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k9BJgoDh033172 for <ietf-openpgp@imc.org>; Wed, 11 Oct 2006 12:42:51 -0700 (MST) (envelope-from jon@callas.org)
Received: from keys.merrymeet.com (keys.merrymeet.com [63.73.97.166]) (Authenticated sender: jon) by merrymeet.com (Postfix) with ESMTP id EEF3230BC2A; Wed, 11 Oct 2006 12:42:32 -0700 (PDT)
Received: from [192.168.99.70] ([66.109.103.151]) by keys.merrymeet.com (PGP Universal service); Wed, 11 Oct 2006 12:42:33 -0700
X-PGP-Universal: processed; by keys.merrymeet.com on Wed, 11 Oct 2006 12:42:33 -0700
In-Reply-To: <166808470.20061011132150@ukr.net>
References: <166808470.20061011132150@ukr.net>
Mime-Version: 1.0 (Apple Message framework v752.2)
X-Priority: 3 (Normal)
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Message-Id: <BB4E694E-A8AF-4D18-A092-399F47E20420@callas.org>
Cc: ietf-openpgp@imc.org
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: Multiple signatures over a document
Date: Wed, 11 Oct 2006 12:42:32 -0700
To: "Nickolay L." <ni4@ukr.net>
X-Mailer: Apple Mail (2.752.2)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 9466e0365fc95844abaf7c3f15a05c7d
> I cannot resolve, how to correctly calculate multiple signatures over > the document. I'm hashing entire document body + beginning of > signature (as described in 2440), and everything is ok. > But, when I'm producing two old-style signatures : > 1) GnuPG checks only the first one, and says that it's ok > 2) PGP 8.1 checks both, but says that first one is invalid, and the > second is ok > > Producing two new-style signatures (with one-pass signature packets), > getting : > 1) GnuPG checks both, and says that they're correct. > 2) PGP 8.1 checks both, and says that first is invalid, and second one > is valid. > > It seems, that PGP calculates the signature over the whole document + > bodies of other signatures. > > But from 2440 it seems, that signed hash must not include other > signatures. > > Please, anybody can clearly describe, what behavior is correct? > > And, maybe, such situation must be described in 2440? Could you provide a sample document to show the issue? Jon
- Multiple signatures over a document Nickolay L.
- Re: Multiple signatures over a document Jon Callas
- Re[2]: Multiple signatures over a document Nickolay L.
- Re[2]: Multiple signatures over a document Nickolay L.
- Re: Multiple signatures over a document vedaal
- Re[2]: Multiple signatures over a document Nickolay L.