[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: V5 signatures

At 7:48 AM -0700 6/18/1999, William H. Geiger III said:

   IMNSHO it is brain dead to stuff data into signature packets. It is not
   where it belongs. PGP has a very nice and simple signature format: A hash
   of the data encrypted with the signer's public key. That's all that needs
   to be there, no need to start bloating out the signatures.

So don't do that.

The reason I want it there is so that someone, if they wanted to, could
make a "bloated" signature. An example of why you might want to do this is
PGPticket. These are very light weight authorization certificates. Vinnie
has a great example of using this. He has a file-server extension that
accepts tickets and can allow you access to the server simply by writing
you an appropriate ticket. It's very cool, and works really nicely.

I cannot conceive of why you would need more than 8383 bytes in a ticket
(or 64K), either, but all my years of design have taught me that you never
regret making a length field idiotically big. The gods punish hubris, and
in protocol design, two-byte lengths are hubris.