Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID:
 <SYCPR01MB3661379F4E31EE1A57A2F310EEBBA@SYCPR01MB3661.ausprd01.prod.outlook.com>
Date: Fri, 2 Jan 2026 15:23:14 +0000
From: Peter Gutmann <pgut001@...auckland.ac.nz>
To: Collin Funk <collin.funk1@...il.com>, "oss-security@...ts.openwall.com"
	<oss-security@...ts.openwall.com>
CC: "kf503bla@...k.com" <kf503bla@...k.com>
Subject: Re: Re: Best practices for signature verifcation

Simon Josefsson writes:

>I don't think CMS/PKCS#7 offers anything compelling that PGP doesn't, and the
>complexity is horrible (just think ASN1).

That's a persistent myth dating back to 35-40 years ago when someone who
didn't understand ASN.1 very well tried to hand-code a parser for it, did a
not-very-good job, and said "gosh, this is so much harder than using XDR!".
Since everyone today will be using either an ASN.1 compiler or an ASN.1
library, or more practically something that does CMS for you, it's pretty much
irrelevant.

However, my suggestion was to use the Authenticode model for code signing
(which MS put a lot of thought into and which has had decades of real-world
testing by billions of users) but the OpenPGP data format.  Everyone and
everything already expects OpenPGP signatures, they're just applied really
badly (think KEYEXPIRED).  OpenPGP no doubt contains something usable for
timestamping since it also contains almost everything else on earth... let's
see:

  5.2.1.14. Timestamp Signature (Type ID 0x40)

  This signature is only meaningful for the timestamp contained in it.

"This notice is placed here to fulfil the statutory requirement that a notice
be placed here".  So the building blocks are there, you'd just need to define
semantics for them.

Peter.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.