Allowing "duplicate" signatures

Werner Koch wk at gnupg.org
Tue Aug 7 15:51:02 CEST 2001


On Mon, 6 Aug 2001 10:05:57 -0400, David Shaw said:

> Trust-wise, the calculation has to match up the valid sigs with valid
> revocations (the time stamp can help here to a certain degree) and see
> if there are more sigs than revocations.

The way GnuPG handles this is by always assuming that the latest
valid signature is the one to use. older signatures are just ignored.
This also solves the problem of revoking revocations very easy.  If
you have to revoke your key or a key signature you have to revoke the
entire key anyway.

A nice feature for GnuPG would be to reorder signatures so that a
messed up keyblock can be put back into order.  Well, this can of course
only work for valid signatures ;-)

-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus





More information about the Gnupg-devel mailing list