On Sun, Mar 20, 2005 at 01:37:04PM -0500, David Shaw wrote:
> On Sun, Mar 20, 2005 at 12:18:42PM -0500, Jason Harris wrote:
> > On Sat, Mar 19, 2005 at 10:35:47PM -0500, David Shaw wrote:
> > > I agree with your general idea here, but not the details, exactly.
> > > What GnuPG does in this case is to take the 1-Jan-2000 signature and
> > > ignore any that follow.
> >
> > As I said, that makes them decidedly non-modifiable instead of simply
> > non-revocable.
> >
> > > I don't like the idea of a signature that is temporarily superseded.
> > > Either it is superseded (and can be removed) or it is not. It's a bit
> >
> > If one doesn't insist that the latest non-revocable, superseded sigs
> > are to be removed, I don't see the problem with temporarily superseded
> > sigs.
>
> I think we're not communicating again. There is no visible difference
> between these two things. What's to have a problem with?

From your last message, I remain under the impression that the
non-revocable sig. is used and any sigs that might supersede it
are _never_ used.

> Seriously, think about it:
>
> non-revocable sig 1-Jan-2000
> expiring sig 2-Jan-2000 (expires 10-Jan-2000).
>
> Now, say it's January 3rd. According to what you want, the signature
> that gets used is the 2-Jan-2000. Then, suddenly, on 10-Jan-2000,
> when that signature expires, the 1-Jan-2000 signature is used.

(Yes, I continue to advocate this (superseding of non-revocable sigs).)

> End result: there is always a signature.
>
> According to what actually happens, the signature that is used is
> 1-Jan-2000.
>
> End result: there is always a signature.

There is only ever one signature (that GPG uses): the 1-Jan-2000
signature, correct?

> I suggest that if it bothers you all that much, you pretend that it's
> doing what you want. It's not like there is a way to tell the
> difference.

I can imagine scenarios where there would be a difference, regardless
of how useful others may consider them in practice.

For example, I issue a non-revocable 0x12 sig. Later, I want to
upgrade it to a 0x13 sig. (revocable or non-revocable). IIUC, GPG
will always use the non-revocable 0x12 sig., correct?

If so, I think we're communicating just fine, but have a difference
of opinion over this issue.

> > BTW, what has your testing of other (OpenPGP(?)) encryption programs
> > uncovered?
>
> Haven't checked yet. I don't know that it'll be terribly illuminating
> on the subject of non-revocable sigs since so far as I know, GnuPG is
> the only one that implements them (except for the usual use in
> designated revokers). It might reveal something interesting about
> expiring sigs though.

OK.

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
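The two selection rules argued over in this thread can be modelled side by side. This is an added example, not GnuPG's code and not written by either poster. The `Sig` type, the function names, the 0x10 class in the first scenario, the 1-Feb-2000 date in the second and the fallback when no non-revocable signature exists are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Sig:
    sig_class: int                  # certification level, e.g. 0x12 or 0x13
    created: date
    revocable: bool = True
    expires: Optional[date] = None

    def live(self, today: date) -> bool:
        # A signature counts from its creation date until its expiry date.
        return self.created <= today and (self.expires is None or today < self.expires)

def newest_live(sigs, today):
    live = [s for s in sigs if s.live(today)]
    return max(live, key=lambda s: s.created, default=None)

def pick_pinned(sigs, today):
    """Rule described for GnuPG in the thread: take the non-revocable
    signature and ignore any that follow it."""
    pinned = [s for s in sigs if not s.revocable and s.live(today)]
    if pinned:
        return min(pinned, key=lambda s: s.created)
    return newest_live(sigs, today)  # assumption: case not covered in the thread

def pick_superseding(sigs, today):
    """Rule argued for in the reply: a later signature supersedes the
    non-revocable one until it expires, then the older one applies again."""
    return newest_live(sigs, today)

# Constructed sample data. Scenario 1 uses the thread's dates (class assumed).
EXPIRING = [Sig(0x10, date(2000, 1, 1), revocable=False),
            Sig(0x10, date(2000, 1, 2), expires=date(2000, 1, 10))]
# Scenario 2: non-revocable 0x12 later "upgraded" to 0x13 (dates assumed).
UPGRADE = [Sig(0x12, date(2000, 1, 1), revocable=False),
           Sig(0x13, date(2000, 2, 1))]

def compare(sigs, today):
    """Return (class, created) chosen by each rule: (pinned, superseding)."""
    a, b = pick_pinned(sigs, today), pick_superseding(sigs, today)
    return (a.sig_class, a.created), (b.sig_class, b.created)

if __name__ == "__main__":
    for name, sigs, day in [("expiring, 3-Jan", EXPIRING, date(2000, 1, 3)),
                            ("expiring, 10-Jan", EXPIRING, date(2000, 1, 10)),
                            ("upgrade, 1-Mar", UPGRADE, date(2000, 3, 1))]:
        print(name, compare(sigs, day))
```

In the expiring-signature scenario both rules always yield a signature of the same class, so only the chosen packet differs; in the upgrade scenario the effective certification level differs (0x12 against 0x13).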
