* Werner Koch: >> However, when a V4 key is signed, the certification signature does not >> cover the expiration date. The key holder (legitimate or not) can > > Wrong. Look at my key: > > :public key packet: > version 4, algo 17, created 1199118275, expires 0 > pkey[0]: [2048 bits] > pkey[1]: [224 bits] > pkey[2]: [2046 bits] > pkey[3]: [2048 bits] > :user ID packet: "Werner Koch <w...@g10code.com>" > :signature packet: algo 17, keyid F2AD85AC1E42B367 > version 4, created 1199118881, md5len 0, sigclass 0x13 > digest algo 11, begin of digest 2a 29 > hashed subpkt 27 len 1 (key flags: 03) > hashed subpkt 9 len 4 (key expires after 11y2d12h35m) > [...] > subpkt 16 len 8 (issuer key ID F2AD85AC1E42B367) > > The signature packet is the certification for the key and user id. A > signature packet consist of subpackets which may either be hashed or > unhashed. Hashed subpackets are part of the signed material and thus > can't be removed.
Isn't this a self-signature? I was talking about third-party signatures on the key. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography