On Friday 09 January 2009 02:04:59 Julien R Pierre - Sun Microsystems wrote:
> On Friday 09 January 2009 04:32:41 Ben Bucksch wrote:
<snip>
> >
> > Can we create another extension? The signature itself is a shell around
> > the certified bits. Add the second signature around that first signature.
> >
> > There must be a way to add signatures. It's a base feature in PGP! If
> > it's entirely impossible to have two signatures, and no way to add it to
> > the spec, that's a design error. It's hard to believe that it's so
> > limited.
>
> If one wanted to have another signature, it wouldn't be as an extension,
> since, as Nelson pointed out, extensions are part of what gets signed.
> The current single signature is not an extension.
>
> Well, I guess somebody did it anyway :
> http://www.freepatentsonline.com/y2008/0270788.html
>
> sigh.

Ben, Julien,

That IBM patent application does not yet appear to have been reviewed and
either granted or rejected.

I made a similar suggestion to ietf.pkix in October 2006. See...
http://www.imc.org/ietf-pkix/mail-archive/msg01964.html
...and the rest of that thread, including...
http://www.imc.org/ietf-pkix/mail-archive/msg01984.html

IANAL, but I think this should be sufficient prior art against the main
claims in the IBM patent application.

Ben, I agree that having multiple signatures in a certificate could be
useful. If, for example, the certificates in the wild today contained both
MD5/RSA and SHA-1/RSA signatures, Mozilla would be able to disable MD5
support *today* without "breaking the internet", as long as the majority of
relying party software could process the additional signatures.

If the industry chose to introduce such a thing now, it could help us all in
the future when we need to move from SHA-1 to SHA-2, or from SHA-1/SHA-2 to
SHA-3, etc.

--
Rob Stradling
Senior Research & Development Scientist
Comodo - Creating Trust Online
Office Tel: +44.(0)1274.730505
Fax Europe: +44.(0)1274.730909
www.comodo.com
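
The scenario discussed in this thread (one certificate carrying both an MD5/RSA and a SHA-1/RSA signature, checked by a relying party that has disabled MD5), as an added example that is not part of the original messages. It assumes a hypothetical certificate layout (a dict with the signatures kept outside the signed bytes), hypothetical function names, and a constructed toy textbook-RSA key standing in for a real issuer key.

```python
import hashlib

# Toy textbook-RSA issuer key (constructed from two Mersenne primes; NOT secure).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def _digest_int(alg, tbs):
    # Hash the to-be-signed bytes and reduce into the toy modulus.
    return int.from_bytes(hashlib.new(alg, tbs).digest(), "big") % N

def sign(alg, tbs):
    """Issuer side: one signature over the to-be-signed (TBS) bytes."""
    return pow(_digest_int(alg, tbs), D, N)

def issue(tbs, algs):
    """Hypothetical multi-signature certificate: the signatures sit outside
    the TBS, so adding one does not change what the others cover."""
    return {"tbs": tbs, "signatures": [(a, sign(a, tbs)) for a in algs]}

def verify(cert, allowed):
    """Relying party: return the first allowed algorithm whose signature
    verifies, else None. Disallowed algorithms are skipped, never trusted."""
    for alg, sig in cert["signatures"]:
        if alg in allowed and pow(sig, E, N) == _digest_int(alg, cert["tbs"]):
            return alg
    return None

# Constructed sample TBS content, not a real certificate encoding.
TBS = b"subject=CN=example.test;extensions=basicConstraints:CA=FALSE"
dual = issue(TBS, ["md5", "sha1"])    # certificate with both signatures
legacy = issue(TBS, ["md5"])          # certificate with the single MD5 signature

def demo():
    # A signature placed inside the extensions changes the signed bytes,
    # so the signatures computed over the original TBS no longer verify.
    moved = {"tbs": TBS + b";sig2=<second signature>",
             "signatures": dual["signatures"]}
    return {
        "dual, MD5 disabled": verify(dual, {"sha1"}),
        "legacy, MD5 disabled": verify(legacy, {"sha1"}),
        "dual, MD5-only client": verify(dual, {"md5"}),
        "second signature as extension": verify(moved, {"md5", "sha1"}),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

With an accept-any policy like this one, the certificate is only as strong as the weakest algorithm still in the relying party's allowed set, so the benefit appears once the weak algorithm is actually removed from it.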