security patches

David Shaw dshaw@jabberwocky.com
Sun Oct 7 22:54:02 2001 

--bg08WKrSYDhXBjb5
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Oct 06, 2001 at 11:08:07PM +0200, Werner Koch wrote:

> On Sat, 06 Oct 2001 22:39:22 +0200, Florian Weimer said:

>=20

> > With the current development version, you can even strip the local

> > flag without invalidating the signature.

>=20

> Ah yes, it is in the non hashed area.  OpenPGP is vague about this.

> Thinking again about this issue and somepossible threat models it

> might make sense to put it into the hashed area.


Yes.  Local sigs, and how they are represented in packets are
interesting because - in theory - they should never be seen off of a
local keyring.  That's the whole point of local :)

Of course, this is the real world, and it will eventually happen (say,
if someone moves entire keyrings around rather than using --export).
I agree the subpacket should really be in the hashed area, so the
signature can't be tampered with and changed into an exportable
signature.


> After all the use of

> the unhashed area is somewhat questionable; itwould have been better

> to put such informations intoan extra packet and avoid this at all in

> OpenPGP.  BTW, the same is true for S/MIME.


I like that signature subpackets can exist in the hashed or non-hashed
segments.  It allows for two levels of importance to the subpacket -
in the hashed area, it is making a statement that the signer considers
the information important enough to break the signature if the data is
removed (the subpacket doesn't have to be processed necessarily
(that's for the critical flag to decide), but it must at least be
available.  In the non-hashed area, it is making a statement that the
signer does not stand by the information (indeed, the signer may not
have said it at all), but it is hopefully useful and/or interesting.

Obviously, the hashed area is a heck of a lot more useful in
practice...

David

--=20
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+--------------------------------------------------------------------------=
-+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

--bg08WKrSYDhXBjb5
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iQEVAwUBO8DAcIccwqs8s7QVAQFgaAgArxX8vnJEJxLNnpWZMjIJpj0YW/6luYId
szLp1LBRDIyEbcjNDH5T2pgJ0hh2XYO8e93t4NO7qaIvpy1MjbI9OvVvI2zAMNMm
RIzTjMW/DXu+uxZ936lBSkXKqVm+Izz49LFrxee0VMd7PLbSvWqAJ5bNHMiWB4PU
tSzciFlNOGxIJTMankDnfZTJJlYPDtoTJUct0NJTNrXtiHgEmqK/deKC2sUuftNJ
ymYuhD5Q1qv9YQzAKEfHiYdzwxvXlASA//RghXF9OIRNP01612zfp6Q1Y4ZxSJm4
NTWADHzAkguuKhP9QoODYSZo2ertEqIZOEApjh2DkPu+r8Fpf/5HhA==
=Z/GL
-----END PGP SIGNATURE-----

--bg08WKrSYDhXBjb5--