On Thu, Mar 17, 2005 at 11:35:20PM -0500, David Shaw wrote: > All I care is that both signatures have since expired, and are > therefore irrelevant to me. To say nothing of the fact that anyone > who thinks that OpenPGP has strong date semantics - and bases their > behavior on that - is fooling themselves in a wonderfully large way.
Your point is unclear. Unless revocation and signature targets are specified, dates are used to determine which signatures revoke/modify/ supercede other (chronologically earlier) signatures by the same issuer. Unsynchronized clocks are unfortunate, yes, but we still generally must take timestamps at face value. > It is not good design to hamper the majority of users to please the > minority of users who like to calculate key signing statistics. In Everyone who feels expiring signatures hamper their keys should raise the issue with those generating such burdensome signatures. Furthermore, I don't see a lot of difference between expired signatures and superceded signatures, yet GPG doesn't (currently) throw away the latter: pub 1024D/B56165AA 2003-02-22 uid Darren Chamberlain sig!3 B56165AA 2003-09-24 Darren Chamberlain sig!3 B56165AA 2003-02-26 Darren Chamberlain sig!3 B56165AA 2003-02-26 Darren Chamberlain -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004
pgp2501PMB9jy.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
