On Sun, Mar 20, 2005 at 12:18:42PM -0500, Jason Harris wrote:
> On Sat, Mar 19, 2005 at 10:35:47PM -0500, David Shaw wrote:
> > On Sat, Mar 19, 2005 at 03:25:32PM -0500, Jason Harris wrote:
>
> > > The sig. of 1-Jan-2000 is valid and usable. It can only be ignored when
> > > superseded.
> >
> > I agree with your general idea here, but not the details, exactly.
> > What GnuPG does in this case is to take the 1-Jan-2000 signature and
> > ignore any that follow.
>
> As I said, that makes them decidedly non-modifiable instead of simply
> non-revocable.
>
> > I don't like the idea of a signature that is temporarily superseded.
> > Either it is superseded (and can be removed) or it is not. It's a bit
>
> If one doesn't insist that the latest non-revocable, superseded sigs
> are to be removed, I don't see the problem with temporarily superseded
> sigs.

I think we're not communicating again. There is no visible difference
between these two things. What's to have a problem with?

Seriously, think about it:

  non-revocable sig 1-Jan-2000
  expiring sig 2-Jan-2000 (expires 10-Jan-2000).

Now, say it's January 3rd. According to what you want, the signature
that gets used is the 2-Jan-2000. Then, suddenly, on 10-Jan-2000,
when that signature expires, the 1-Jan-2000 signature is used.

End result: there is always a signature.

According to what actually happens, the signature that is used is
1-Jan-2000.

End result: there is always a signature.

I suggest that if it bothers you all that much, you pretend that it's
doing what you want. It's not like there is a way to tell the
difference.

> BTW, what has your testing of other (OpenPGP(?)) encryption programs
> uncovered?

Haven't checked yet. I don't know that it'll be terribly illuminating
on the subject of non-revocable sigs since so far as I know, GnuPG is
the only one that implements them (except for the usual use in
designated revokers). It might reveal something interesting about
expiring sigs though.

David
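
The comparison in the message above, as an added example (not code from the thread or from GnuPG): a small model of the two selection rules, run day by day over the two signatures David lists. The `Sig` class, both `pick_*` functions and the fallback used when no non-revocable signature exists are assumptions made for this sketch.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Sig:
    created: date
    revocable: bool = True
    expires: Optional[date] = None  # first day the sig is no longer usable

    def live(self, today: date) -> bool:
        return self.created <= today and (self.expires is None or today < self.expires)


def pick_newest_live(sigs: List[Sig], today: date) -> Optional[Sig]:
    """Rule argued for in the quoted text: the newest unexpired sig wins,
    and an older sig comes back into use once the newer one expires."""
    return max((s for s in sigs if s.live(today)), key=lambda s: s.created, default=None)


def pick_first_nonrevocable(sigs: List[Sig], today: date) -> Optional[Sig]:
    """Rule the thread attributes to GnuPG: take the non-revocable sig and
    ignore any that follow. The fallback to newest-live is an assumption."""
    for s in sorted(sigs, key=lambda s: s.created):
        if not s.revocable and s.live(today):
            return s
    return pick_newest_live(sigs, today)


# Constructed sample: the two signatures listed in the message.
NONREV = Sig(created=date(2000, 1, 1), revocable=False)
EXPIRING = Sig(created=date(2000, 1, 2), expires=date(2000, 1, 10))
SIGS = [NONREV, EXPIRING]


def timeline(sigs, start: date, days: int) -> List[Tuple[date, Optional[Sig], Optional[Sig]]]:
    """For each day, the sig chosen by each rule (None means no usable sig)."""
    out = []
    for n in range(days):
        day = start + timedelta(days=n)
        out.append((day, pick_first_nonrevocable(sigs, day), pick_newest_live(sigs, day)))
    return out


if __name__ == "__main__":
    for day, first, newest in timeline(SIGS, date(2000, 1, 1), 12):
        print(day, "first-nonrevocable:", first.created, "newest-live:", newest.created)
```

Both rules return a signature on every day in the range; they select different signatures only from 2-Jan-2000 through 9-Jan-2000.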