Mailing List Archive

Clarify how KRLs with multiple signatures are created
Hi,

when signing a KRL with multiple keys, it's somewhat unclear if signed data includes prior signatures.
My expectation would have been that signatures are created independent
of each other, but that's not the case.

For clarification, I'd like to suggest this patch to the documentation:

diff --git a/PROTOCOL.krl b/PROTOCOL.krl
index 115f80e5..bd0ffe6b 100644
--- a/PROTOCOL.krl
+++ b/PROTOCOL.krl
@@ -160,6 +160,7 @@ two string components instead of one.
The signature is calculated over the entire KRL from the KRL_MAGIC
to this subsection's "signature_key", including both and using the
signature generation rules appropriate for the type of "signature_key".
+Prior signature sections are part of the signed data as well.

This section must appear last in the KRL. If multiple signature sections
appear, they must appear consecutively at the end of the KRL file.


n.b.: the code for creating signatures is implemented in ssh_krl_from_blob, but
ssh-keygen doesn't make use of it. So I assume signed KRLs is a little used feature.

Cheers
Jörn Heissler