[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: V5 signatures

Jon Callas, <jon@callas.org>, writes, regarding data in sig packets:

> The reason I want it there is so that someone, if they wanted to, could
> make a "bloated" signature. An example of why you might want to do this is
> PGPticket. These are very light weight authorization certificates. Vinnie
> has a great example of using this. He has a file-server extension that
> accepts tickets and can allow you access to the server simply by writing
> you an appropriate ticket. It's very cool, and works really nicely.

Couldn't this be done though by simply defining a data packet format
as for any other protocol, then signing the data packet?  I don't see
any inherent reason why all authenticated data must go in sig packets.
Sigs authenticate the data packets they sign, so anything in those data
packets is as strongly authenticated as the contents of the sig packets.