Multiple signatures over a document

"Nickolay L." <ni4@ukr.net> Wed, 11 October 2006 10:47 UTC

Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GXbc4-000604-TV for openpgp-archive@lists.ietf.org; Wed, 11 Oct 2006 06:47:00 -0400
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GXbc0-0002c5-IL for openpgp-archive@lists.ietf.org; Wed, 11 Oct 2006 06:47:00 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k9BAN3UO037731; Wed, 11 Oct 2006 03:23:03 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k9BAN3xr037730; Wed, 11 Oct 2006 03:23:03 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from cielago.ip.net.ua (cielago.ip.net.ua [82.193.96.15]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k9BAN1e9037717 for <ietf-openpgp@imc.org>; Wed, 11 Oct 2006 03:23:02 -0700 (MST) (envelope-from ni4@ukr.net)
Received: from infernal.org.ua (82.193.103.213.ipnet.kiev.ua [82.193.103.213]) by cielago.ip.net.ua (8.13.6/8.13.6) with ESMTP id k9BAMvfO032492 for <ietf-openpgp@imc.org>; Wed, 11 Oct 2006 13:22:57 +0300 (EEST) (envelope-from ni4@ukr.net)
Date: Wed, 11 Oct 2006 13:21:50 +0300
From: "Nickolay L." <ni4@ukr.net>
X-Mailer: The Bat! (v3.80.03) Professional
Reply-To: "Nickolay L." <ni4@ukr.net>
X-Priority: 3 (Normal)
Message-ID: <166808470.20061011132150@ukr.net>
To: ietf-openpgp@imc.org
Subject: Multiple signatures over a document
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.1 (/)
X-Scan-Signature: ea4ac80f790299f943f0a53be7e1a21a

Hi!

I cannot resolve, how to correctly calculate multiple signatures over
the document. I'm hashing entire document body + beginning of
signature (as described in 2440), and everything is ok.
But, when I'm producing two old-style signatures :
1) GnuPG checks only the first one, and says that it's ok
2) PGP 8.1 checks both, but says that first one is invalid, and the
second is ok

Producing two new-style signatures (with one-pass signature packets),
getting :
1) GnuPG checks both, and says that they're correct.
2) PGP 8.1 checks both, and says that first is invalid, and second one
is valid.

It seems, that PGP calculates the signature over the whole document +
bodies of other signatures.

But from 2440 it seems, that signed hash must not include other
signatures.

Please, anybody can clearly describe, what behavior is correct?

And, maybe, such situation must be described in 2440?

--
  Best regards,Nickolay mailto:<ni4@ukr.net>