timestamp (0x40) signatures?

David Shaw dshaw at jabberwocky.com
Mon Mar 4 18:19:01 CET 2002


On Mon, Mar 04, 2002 at 05:21:04PM +0100, Werner Koch wrote:
> On Mon, 4 Mar 2002 10:11:30 -0500, David Shaw said:
> 
> > define what it is a signature on (if anything).  RFC 1991 goes into
> > more detail and defines it as a signature on a signature, which is
> > more useful - this is the idea of a notary for PGP, which proves
> > that
> 
> Indeed.  A timestamping service makes more sense when it can be used
> to certify that a given signature was done at that time.
> 
> Does PGP implemnt this, are there any notary services out providing
> such a service, should we clear this up in the next OpenPGP draft?

As far as I can tell, nobody implements this.  I just tried feeding a
0x40 signature to PGP (6 and 7) and it just ignored it.  PGP 2 doesn't
like it either (no surprise).

I think it would be very good to clear this up in the next OpenPGP
draft though.  A notary signature sounds very useful and if it was
clear what it meant, then we could implement and use it :)

> BTW, I have released 1.0.6d but not written an announcement yet.

Cool!

David

-- 
   David Shaw  |  dshaw at jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson




More information about the Gnupg-devel mailing list