On Fri, Mar 18, 2005 at 12:30:32PM -0500, Jason Harris wrote:

> > It is not good design to hamper the majority of users to please the
> > minority of users who like to calculate key signing statistics. In
>
> Everyone who feels expiring signatures hamper their keys should
> raise the issue with those generating such burdensome signatures.
That's somewhat impractical. Should we ban expiring signatures? You seem to have a problem with the GD because it issues fast-expiring signatures, but many people use expiring signatures. Even if people issued 1-year signatures, there would be a problem eventually. In the real world, we cannot control what other people generate. The best we can do is "be liberal in what we accept, and conservative in what we generate".

> Furthermore, I don't see a lot of difference between expired signatures
> and superseded signatures, yet GPG doesn't (currently) throw away the
> latter:

There is a significant difference. An expired signature is *expired*. It's dead as Marley. A superseded signature is very much alive, and is used *unless something better is present*.

In GPG, an expiring (but not yet expired) signature will supersede an earlier signature from the same signer. Once this signature expires, it still supersedes the earlier signature (thus effectively disabling the original signature). Thus you have a perfectly valid signature that is disabled by an expired signature.

This is one of those interesting areas of the trust model where things get fuzzy: it's not clear what the semantics should be here, since it requires GPG to guess what the signer "really meant" to say, and worse, guess this without all the data at hand. It gets messy very fast: if I sign a key with no expiration, then sign it again with an expiration, then the second signature expires - is my original signature still valid? Maybe I actually revoked the first signature, but the revocation packet isn't present right now, or was stripped out by the key owner. Maybe the second signature was a short term signature because the original signature wasn't present at that time. Add to that the problems of packets being missing and bad clocks, and it's a very fuzzy question indeed.

I recommend that if people want to replace an earlier signature with a new, expiring, signature, they first revoke the earlier signature, and only then issue the new expiring signature. This way there are much fewer questions as to the intent of the signer, and many fewer opportunities for the trust code to guess wrong.

David

_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
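The two readings of "newest certification wins" discussed in the message above, modelled as an added example (not GnuPG code, and not part of the original post): `Certification`, `evaluate` and the two scenario lists are constructed here, with plain integers standing in for timestamps. It shows the unrevoked-then-expired history going dark under one reading but not the other, and the revoke-first history agreeing under both.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed model of several certifications (key signatures) from the
# same signer on one key.  Times are plain integers, not real timestamps.

@dataclass(frozen=True)
class Certification:
    created: int
    expires: Optional[int] = None   # None means the signature never expires
    revoked: bool = False           # a revocation packet for it is present

def is_live(sig: Certification, now: int) -> bool:
    """Live means not revoked and not yet past its expiration time."""
    if sig.revoked:
        return False
    return sig.expires is None or now < sig.expires

def newest_supersedes(sigs: List[Certification], now: int) -> bool:
    """Reading described in the post: the most recent certification from
    the signer supersedes all earlier ones even once it has expired, so the
    signer's certification counts only if that newest one is still live."""
    seen = [s for s in sigs if s.created <= now]
    if not seen:
        return False
    newest = max(seen, key=lambda s: s.created)
    return is_live(newest, now)

def newest_live_wins(sigs: List[Certification], now: int) -> bool:
    """Alternative reading: an expired certification drops out and the
    verifier falls back to any earlier certification that is still live."""
    return any(is_live(s, now) for s in sigs if s.created <= now)

def evaluate(sigs: List[Certification], now: int) -> Tuple[bool, bool]:
    """Return (newest_supersedes, newest_live_wins) for one point in time."""
    return newest_supersedes(sigs, now), newest_live_wins(sigs, now)

# Scenario from the post: a non-expiring certification at t=100, then a
# second one at t=200 that expires at t=300, with the first never revoked.
AMBIGUOUS_SIGS = [Certification(created=100),
                  Certification(created=200, expires=300)]

# The post's recommendation: revoke the earlier certification first, then
# issue the expiring one.  The two readings now agree at every time.
REVOKE_FIRST_SIGS = [Certification(created=100, revoked=True),
                     Certification(created=200, expires=300)]

if __name__ == "__main__":
    for label, sigs in (("ambiguous", AMBIGUOUS_SIGS),
                        ("revoke-first", REVOKE_FIRST_SIGS)):
        for now in (50, 250, 400):
            print(label, now, evaluate(sigs, now))
```

At t=400 the ambiguous history yields `(False, True)`: the key is uncertified under the superseding rule although the original signature alone would still verify, which is exactly the disagreement the message describes.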
