[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: V5 signatures

In <19990528123701.A28938@frodo.isil.d.shuttle.de>, on 05/28/99 
   at 05:37 AM, Werner Koch <wk@isil.d.shuttle.de> said:

>Werner Koch <wk@isil.d.shuttle.de> writes:

>> However, the octet count for the [un]hashed subpackets is limited to
>> 65535.

>It just came to my mind, that large signature packets (currently they
>have a limit of about 128k) do impose a problem:

>It will then not be possible to keep the complete signature packet in
>memory.  Signatures may be (theoretical) very large - up to 4 Gigs and
>due to this they have to be handled like plaintext.

>Doess it really make sense to build a protocol - based on OpenPGP - 
>which puts all it's dat into a signature packet?  Such data should go
>into a literal text packet or some new packet type.

IMNSHO it is brain dead to stuff data into signature packets. It is not
where it belongs. PGP has a very nice and simple signature format: A hash
of the data encrypted with the signer's public key. That's all that needs
to be there, no need to start bloating out the signatures.

William H. Geiger III  http://www.openpgp.net
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii

Hi Jeff!! :)