oss-sec mailing list archives
Re: Re: Best practices for signature verifcation
From: Peter Gutmann <pgut001 () cs auckland ac nz>
Date: Fri, 2 Jan 2026 15:23:14 +0000
Simon Josefsson writes:
> I don't think CMS/PKCS#7 offers anything compelling that PGP doesn't, and the complexity is horrible (just think ASN1).
That's a persistent myth dating back to 35-40 years ago when someone who didn't understand ASN.1 very well tried to hand-code a parser for it, did a not-very-good job, and said "gosh, this is so much harder than using XDR!". Since everyone today will be using either an ASN.1 compiler or an ASN.1 library, or more practically something that does CMS for you, it's pretty much irrelevant.

However, my suggestion was to use the Authenticode model for code signing (which MS put a lot of thought into and which has had decades of real-world testing by billions of users) but the OpenPGP data format. Everyone and everything already expects OpenPGP signatures, they're just applied really badly (think KEYEXPIRED). OpenPGP no doubt contains something usable for timestamping since it also contains almost everything else on earth... let's see:

  5.2.1.14. Timestamp Signature (Type ID 0x40)

  This signature is only meaningful for the timestamp contained in it.

"This notice is placed here to fulfil the statutory requirement that a notice be placed here". So the building blocks are there, you'd just need to define semantics for them.

Peter.
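As an added illustration of the "building blocks" Peter points to, and not code from this thread or from any OpenPGP implementation: the Python below parses a new-format OpenPGP v4 signature packet far enough to read its signature type ID and its hashed and unhashed subpacket areas, then checks whether a packet that claims to be a timestamp signature (type 0x40) actually carries its creation time in the hashed area, which is the only part of the packet the signature covers. The packet layout follows RFC 4880/9580; the sample packets are constructed inline with a dummy MPI, so they have the right structure but are not verifiable signatures, and the function and constant names are this example's own.

```python
import struct
from datetime import datetime, timezone

# Signature type IDs from RFC 9580 section 5.2.1 (a subset, for labelling).
SIG_TYPES = {0x00: "binary document", 0x01: "canonical text document",
             0x02: "standalone", 0x10: "generic certification",
             0x18: "subkey binding", 0x20: "key revocation", 0x40: "timestamp"}
SUBPKT_CREATION_TIME = 2   # 4-octet time; MUST sit in the hashed area for v4
SUBPKT_ISSUER = 16         # 8-octet key ID
SIG_PACKET_TAG = 2


def _subpacket(sp_type, body):
    # Subpacket = length octet (type + body, always < 192 here), type octet, body.
    return bytes([len(body) + 1, sp_type]) + body


def build_v4_signature_packet(sig_type, created, issuer_keyid, creation_in_unhashed=False):
    """Constructed sample (hypothetical layout helper): a v4 signature packet with a
    dummy MPI. Structurally valid, but NOT a verifiable signature. With
    creation_in_unhashed=True the creation time goes in the unhashed (unsigned)
    area, the mistake check_timestamp_signature() is meant to catch."""
    creation = _subpacket(SUBPKT_CREATION_TIME, struct.pack(">I", created))
    issuer = _subpacket(SUBPKT_ISSUER, issuer_keyid)
    hashed = b"" if creation_in_unhashed else creation
    unhashed = issuer + (creation if creation_in_unhashed else b"")
    body = bytes([4, sig_type, 22, 8])          # version 4, type, EdDSA (22), SHA-256 (8)
    body += struct.pack(">H", len(hashed)) + hashed
    body += struct.pack(">H", len(unhashed)) + unhashed
    body += b"\x12\x34"                         # left 16 bits of the hash (dummy)
    body += struct.pack(">H", 8) + b"\xff"      # one 8-bit MPI (dummy)
    return bytes([0xC0 | SIG_PACKET_TAG, len(body)]) + body   # new-format header, 1-octet length


def _parse_subpackets(buf):
    """Return [(type, critical, body)] for a hashed or unhashed subpacket area."""
    out, i = [], 0
    while i < len(buf):
        first = buf[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            length, i = ((first - 192) << 8) + buf[i + 1] + 192, i + 2
        else:
            length, i = struct.unpack(">I", buf[i + 1:i + 5])[0], i + 5
        if length < 1 or i + length > len(buf):
            raise ValueError("truncated subpacket")
        out.append((buf[i] & 0x7F, bool(buf[i] & 0x80), buf[i + 1:i + length]))
        i += length
    return out


def _first(subpackets, sp_type):
    return next((body for t, _, body in subpackets if t == sp_type), None)


def parse_signature_packet(pkt):
    """Parse one new-format OpenPGP v4 signature packet into a dict."""
    if pkt[0] & 0xC0 != 0xC0:
        raise ValueError("expected a new-format packet header")
    if pkt[0] & 0x3F != SIG_PACKET_TAG:
        raise ValueError("not a signature packet (tag %d)" % (pkt[0] & 0x3F))
    if pkt[1] < 192:
        body = pkt[2:2 + pkt[1]]
    elif pkt[1] < 224:
        body = pkt[3:3 + ((pkt[1] - 192) << 8) + pkt[2] + 192]
    else:
        raise ValueError("unsupported packet length encoding")
    if body[0] != 4:
        raise ValueError("only v4 signatures handled (got v%d)" % body[0])
    sig_type, pos = body[1], 4
    hlen = struct.unpack(">H", body[pos:pos + 2])[0]; pos += 2
    hashed = _parse_subpackets(body[pos:pos + hlen]); pos += hlen
    ulen = struct.unpack(">H", body[pos:pos + 2])[0]; pos += 2
    unhashed = _parse_subpackets(body[pos:pos + ulen]); pos += ulen
    # Only the hashed area is covered by the signature, so the creation time is
    # taken from there alone; an unhashed copy is attacker-controlled and ignored.
    created = _first(hashed, SUBPKT_CREATION_TIME)
    issuer = _first(hashed, SUBPKT_ISSUER) or _first(unhashed, SUBPKT_ISSUER)
    return {"sig_type": sig_type, "sig_type_name": SIG_TYPES.get(sig_type, "unknown"),
            "pubkey_algo": body[2], "hash_algo": body[3],
            "created": struct.unpack(">I", created)[0] if created else None,
            "issuer": issuer.hex() if issuer else None,
            "left16": body[pos:pos + 2].hex()}


def check_timestamp_signature(info):
    """(ok, reason) for a packet that is supposed to be a timestamp signature (0x40)."""
    if info["sig_type"] != 0x40:
        return False, "not a timestamp signature (type 0x%02x, %s)" % (info["sig_type"], info["sig_type_name"])
    if info["created"] is None:
        return False, "creation time absent from the hashed area, so the timestamp is unsigned"
    when = datetime.fromtimestamp(info["created"], timezone.utc).isoformat()
    return True, "timestamp signature, signed creation time %s" % when


if __name__ == "__main__":
    keyid = bytes.fromhex("0102030405060708")   # constructed issuer key ID
    for label, pkt in [("good", build_v4_signature_packet(0x40, 1704067200, keyid)),
                       ("unhashed time", build_v4_signature_packet(0x40, 1704067200, keyid, True)),
                       ("wrong type", build_v4_signature_packet(0x00, 1704067200, keyid))]:
        print(label, check_timestamp_signature(parse_signature_packet(pkt)))
```

The parser deliberately reports only a hashed creation time: a timestamp that lives in the unhashed area looks identical in most tools' output but is not bound by the signature at all, which is the kind of semantic gap that would have to be closed before the type 0x40 packet could serve as a code-signing timestamp.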
Current thread:
- Re: Best practices for signature verifcation Simon Josefsson (Jan 01)
- Re: Re: Best practices for signature verifcation Peter Gutmann (Jan 02)
- Re: Re: Best practices for signature verifcation Demi Marie Obenour (Jan 03)
- Re: Re: Best practices for signature verifcation Peter Gutmann (Jan 05)
- Re: Re: Best practices for signature verifcation Valtteri Vuorikoski (Jan 05)
- Re: Re: Best practices for signature verifcation Jeffrey Walton (Jan 05)
- Re: Re: Best practices for signature verifcation Demi Marie Obenour (Jan 03)
- Re: Re: Best practices for signature verifcation Peter Gutmann (Jan 02)
- <Possible follow-ups>
- Re: Re: Best practices for signature verifcation Ali Polatel (Jan 01)
- Re: Best practices for signature verifcation Clemens Lang (Jan 01)
- Re: Best practices for signature verifcation Soatok Dreamseeker (Jan 02)
- Re: Best practices for signature verifcation Demi Marie Obenour (Jan 03)
