[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Signature targets and where they should be used

To: David Shaw <dshaw@xxxxxxxxxxxxxxx>, OpenPGP <ietf-openpgp@xxxxxxx>
Subject: Re: Signature targets and where they should be used
From: Jon Callas <jon@xxxxxxxxxx>
Date: Tue, 27 May 2003 19:57:35 -0700
Delivery-date: Wed, 28 May 2003 19:38:14 +0200
Envelope-to: ietf-openpgp@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
In-reply-to: <20030416213837.GE1184@xxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx
User-agent: Microsoft-Entourage/10.1.1.2418

On 4/16/03 2:38 PM, "David Shaw" <dshaw@xxxxxxxxxxxxxxx> wrote:

Is there a consensus on this?

Personally, I think that the SHOULD is good enough. If you want to do a
blind notary, you have the perfect reason not to put the target packet
there.

However, I included this text: "Note that we really do mean SHOULD. There
are plausible uses for this (such a a blind notary that only sees the
signature, not the key nor source document) that cannot include a target
subpacket."

    Jon

> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Wed, Apr 16, 2003 at 03:40:24PM -0400, Michael Young wrote:
>> 
>> From: "David Shaw" <dshaw@xxxxxxxxxxxxxxx>
> 
>>> In the case of notary signatures, there is no "C" to specify.  It is
>>> merely signature A (the 0x50 signature), on data B (the signature to
>>> be notarized).  There is no benefit in specifying B twice as the data
>>> to be signed and then again as an additional subpacket.
>> 
>> I'd agree that the benefit is slight at best.  I suppose if
>> you had "B" and the material it covered (so that you could generate
>> B's hash), and you had a disorganized bunch of notary signatures,
>> then you could pick out the matching ones faster if they had
>> target subpackets.  This doesn't seem like a compelling scenario. :-)
> 
> There is actually another reason why using targets for notary
> signatures is not really good: one of the nice features of notary
> signatures is that the notarizer doesn't need the original signer's
> public key or the material the original signature covered.  All the
> notarizer needs is the signature packet.  Unfortunately, to use a
> signature target in the notary signature, the notarizer needs the
> original signer's public key to extract the hash from the original
> signature packet...
> 
> I suppose we could solve that problem by defining a signature target
> to be the canonical hash of the signature being targeted, but even
> then there is still no good reason why using a target for notary
> signatures needs to be a SHOULD.
> 
> David
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.2rc2 (GNU/Linux)
> Comment: http://www.jabberwocky.com/david/keys.asc
> 
> iD8DBQE+nc1c4mZch0nhy8kRAjTQAJ42SnhAoD42MFWJjin3KJXBxZrMDACeNDqK
> hGj20/LjG6I8lBPGqigWOlA=
> =a8B8
> -----END PGP SIGNATURE-----
>

Follow-Ups:
- Re: Signature targets and where they should be used
  - From: David Shaw
- Use of the term "notarised signature"?
  - From: Ian Grigg

Prev by Date: Re: Suggested DER Prefixes
Next by Date: Re: Suggested DER Prefixes
Previous by thread: Re: Suggested DER Prefixes
Next by thread: Re: Signature targets and where they should be used
Index(es):
- Date
- Thread