[gnupg-1.0.6] local signatures may be exportable

Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
Fri Jul 27 16:01:01 2001


Thomas Roessler <roessler@does-not-exist.org> writes:


> > I've got a patch (against an earlier version of GnuPG) which does
> > similar things for implementing signature expiration and notation
> > data even with V3 issuer and signed keys. (A V4 signature is
> > generated in this case as well.)
>
> Like the attached patch?
Well, sort of. Mine is a bit more complicated because it also works around the protocol error in RFC 2440 related to V4 key expiration (V4 key expiration time is not covered by certificates because it is only contained in the self signature, not in the key material, in contrast to V3 keys): If the key to be signed is a V4 key with an expiration time set, a V4 signature is made which expires at that time, too (or even earlier). -- Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE University of Stuttgart http://cert.uni-stuttgart.de/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898