Allowing "duplicate" signatures

Matthew Byng-Maddick gnupg at lists.colondot.net
Mon Aug 6 11:50:01 CEST 2001


On Sun, Aug 05, 2001 at 07:02:50PM -0400, Michael Young wrote:
> As it stands, GnuPG refuses to sign a key/name pair with a particular
> key if a signature by that signing-key already exists.  There are
> several reasons that you might want to do that, though.  As noted
> in the code, the existing signature could be revoked.  Similarly,
> it could be expired.  You might also want to generate a new
> signature with new properties (subpacket values):
>     new expiration time;
>     new signature type (not yet selectable, but I'd like it to be);
>     different notation data;

Yes, definitely. If the patches posted here that I've written or something
similar gets included in GnuPG, then there is value in being able to add
and revoke signatures with various different notation data in them.

>     different "trust signature" value, or associated regular expression; or,
>     different exportability.
> I recognize that these are somewhat unusual circumstances, and
> there is value in pointing out that a signature already exists.

Pointing out, yes. Preventing a new signature, maybe not.

> I propose adding a command-line switch to override the duplicate
> checking.  I'd be happy to contribute a patch for it... any
> suggestions on the name for the switch, or on another approach?

I can't sensibly do this, but one thing we have to do is to make sure that
the keyservers are not unhappy with there being more than one signature by
the same key.

MBM

-- 
Matthew Byng-Maddick         <mbm at colondot.net>           http://colondot.net/



