Hi,

when signing a KRL with multiple keys, it's somewhat unclear if the signed data includes prior signatures. My expectation would have been that signatures are created independently of each other, but that's not the case.

For clarification, I'd like to suggest this patch to the documentation:

diff --git a/PROTOCOL.krl b/PROTOCOL.krl
index 115f80e5..bd0ffe6b 100644
--- a/PROTOCOL.krl
+++ b/PROTOCOL.krl
@@ -160,6 +160,7 @@ two string components instead of one.
 The signature is calculated over the entire KRL from the KRL_MAGIC to this
 subsection's "signature_key", including both and using the signature
 generation rules appropriate for the type of "signature_key".
+Prior signature sections are part of the signed data as well.
 
 This section must appear last in the KRL. If multiple signature sections
 appear, they must appear consecutively at the end of the KRL file.

n.b.: the code for creating signatures is implemented in ssh_krl_from_blob, but ssh-keygen doesn't make use of it. So I assume signed KRLs are a little-used feature.

Cheers
Jörn Heissler
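Review bot: the added line states the consequence but not the reason, and it stands apart from the sentence right above it that already defines the signed range as running "from the KRL_MAGIC to this subsection's signature_key". Tying the two together would make the order dependency explicit, e.g. "Because the signed data starts at KRL_MAGIC, any signature sections that precede this one, including their signatures, are covered as well; modifying or removing an earlier signature section therefore invalidates every later signature." That also spells out why the following paragraph requires signature sections to be consecutive and last.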
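The chaining the patch documents, as an added example that is neither the poster's code nor code from the OpenSSH tree: a standard-library-only Python model of KRL signature sections following the layout in PROTOCOL.krl (magic, three uint64 fields, reserved and comment strings, then sections of one type byte plus one string; a signature section carries a signature_key and a signature). The SSH signature is replaced by an HMAC-SHA256 stand-in keyed per signer, and the key names, secrets and revoked-key blob are constructed, so only the signed range and section layout are meant to match the real format. The demo signs with A, then B, and then corrupts each signature in turn to show that damaging A's section also breaks B's signature while damaging B's leaves A valid.

```python
import hashlib
import hmac
import struct

KRL_MAGIC = b"SSHKRL\n\x00"
KRL_SECTION_EXPLICIT_KEY = 2
KRL_SECTION_SIGNATURE = 4


def ssh_string(b: bytes) -> bytes:
    """SSH wire 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b


def read_string(buf: bytes, off: int):
    """Parse an SSH 'string' at offset off; return (value, offset after it)."""
    if off + 4 > len(buf):
        raise ValueError("truncated string length")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string body")
    return buf[off:off + n], off + n


def krl_header(version: int, generated_date: int, flags: int, comment: bytes) -> bytes:
    """KRL preamble: magic, krl_version, generated_date, flags, reserved, comment."""
    return (KRL_MAGIC + struct.pack(">QQQ", version, generated_date, flags)
            + ssh_string(b"") + ssh_string(comment))


def section(section_type: int, data: bytes) -> bytes:
    """A generic KRL section: one type byte followed by one string."""
    return bytes([section_type]) + ssh_string(data)


def stand_in_sign(secret: bytes, data: bytes) -> bytes:
    """Stand-in for the SSH signature (assumption: HMAC-SHA256 keyed per
    signer, so the example runs with the standard library only)."""
    return hmac.new(secret, data, hashlib.sha256).digest()


def append_signature(krl: bytes, signature_key: bytes, secret: bytes) -> bytes:
    """Append a signature section. The signed range runs from KRL_MAGIC through
    this section's type byte and signature_key string, so everything already
    in `krl`, including earlier signature sections, is covered."""
    signed_range = krl + bytes([KRL_SECTION_SIGNATURE]) + ssh_string(signature_key)
    return signed_range + ssh_string(stand_in_sign(secret, signed_range))


def verify_signatures(krl: bytes, secrets: dict) -> list:
    """Walk the sections and return [(signature_key, ok)] per signature section.
    Rejects a non-signature section that follows a signature section."""
    if not krl.startswith(KRL_MAGIC):
        raise ValueError("bad KRL magic")
    off = len(KRL_MAGIC) + 3 * 8          # skip version, generated_date, flags
    _, off = read_string(krl, off)        # reserved
    _, off = read_string(krl, off)        # comment
    results, seen_signature = [], False
    while off < len(krl):
        section_type, off = krl[off], off + 1
        if section_type != KRL_SECTION_SIGNATURE:
            if seen_signature:
                raise ValueError("section after signature section")
            _, off = read_string(krl, off)
            continue
        seen_signature = True
        signature_key, off = read_string(krl, off)
        signed_range = krl[:off]          # KRL_MAGIC .. end of signature_key
        signature, off = read_string(krl, off)
        expected = stand_in_sign(secrets.get(signature_key, b""), signed_range)
        results.append((signature_key, hmac.compare_digest(signature, expected)))
    return results


def demo() -> dict:
    """Sign with A then B, then corrupt each signature in turn (constructed data)."""
    secrets = {b"key-A": b"secret-A", b"key-B": b"secret-B"}   # constructed
    body = (krl_header(1, 0, 0, b"constructed example")
            + section(KRL_SECTION_EXPLICIT_KEY, ssh_string(b"revoked-key-blob")))
    krl = append_signature(body, b"key-A", secrets[b"key-A"])
    krl = append_signature(krl, b"key-B", secrets[b"key-B"])

    # First byte of A's signature: after body, type byte, key string, sig length.
    a_sig_start = len(body) + 1 + len(ssh_string(b"key-A")) + 4
    a_tampered = bytearray(krl)
    a_tampered[a_sig_start] ^= 0xFF
    b_tampered = bytearray(krl)
    b_tampered[-1] ^= 0xFF

    return {
        "intact": verify_signatures(krl, secrets),
        "a_tampered": verify_signatures(bytes(a_tampered), secrets),
        "b_tampered": verify_signatures(bytes(b_tampered), secrets),
    }
```

The asymmetry in `demo()` is the whole point of the documentation change: B's signed range ends after B's signature_key and therefore spans A's complete section, so any edit to A (or reordering of the two sections) invalidates B, while A never sees B at all.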