Hi,
I have found a solution for alternate user ids and a way to sign them
which avoid the space and time overhead by the pgp scheme. It does
not break existing implementations and is compliant with OpenPGP. The
drawback is that PGP 5 cannot check these signatures.
The solution is quite simple: We use OpenPGP sub-packets (a private one
for now) to store the hash of the key and the user id to be signed. If
the signature of the user id which is directly signed is okay we can
proceed and compare the hash values of the alternate user ids, if they
compare okay we have a valid signature on the other user id too. If
they don't match we know that the signature is invalid or calculated
on a user id which has been removed. This methods needs only 23
additional bytes per signed alternate user id compared to about 68
for a complete DSA signature (or even more for an ElGamal signature).
It also saves time, as the time consuming signature verification has
only to be done once.
Comments?
Werner
I have found a solution for alternate user ids and a way to sign them
which avoid the space and time overhead by the pgp scheme. It does
not break existing implementations and is compliant with OpenPGP. The
drawback is that PGP 5 cannot check these signatures.
The solution is quite simple: We use OpenPGP sub-packets (a private one
for now) to store the hash of the key and the user id to be signed. If
the signature of the user id which is directly signed is okay we can
proceed and compare the hash values of the alternate user ids, if they
compare okay we have a valid signature on the other user id too. If
they don't match we know that the signature is invalid or calculated
on a user id which has been removed. This methods needs only 23
additional bytes per signed alternate user id compared to about 68
for a complete DSA signature (or even more for an ElGamal signature).
It also saves time, as the time consuming signature verification has
only to be done once.
Comments?
Werner