[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Multiple OpenPGP messages per file: legal or not?

Ian G wrote:
> Hmm....  Consider this delicious example of a signed file:
> http://webfunds.org/ricardo/contracts/webfunds/BeerVouchers.html
> What would it mean if there were *two* such sequences in the one file? 

It would mean there were two signed messages in that file.

> Does the order matter?  Is there any meaning to what comes before or
> after that data stream?  Does the file creation date mean anything?

These questions are beyond the scope of OpenPGP.

Also, I might as well ask the same questions about two separate files
with messages in. For example, if I follow this URL
http://webfunds.org/ricardo/contracts/webfunds/, there appear to be four
such messages linked. Does the order matter? blah, blah...

> In that example the app benefits from OpenPGP's decision to concentrate
> on the byte-stream definition.  The app then arranges matters locally to
> extract out the byte-stream and deal with it, knowing that it is dealing
> with one and only one chunk.  In that case, the app certainly ignores
> any follow-on packets, and/or declares an error, and it certainly
> doesn't want OpenPGP telling it to expect an endless stream of them.

The app is, of course, free to say "I expect a single OpenPGP message
per file". That doesn't mean the spec can't permit multiple messages per

http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff