Expiration and V3/V4 self signatures
Werner Koch
wk at gnupg.org
Tue May 7 11:07:01 CEST 2002
On Tue, 07 May 2002 09:43:44 +0200, Florian Weimer said:
> * packet.h, parse-packet.c (parse_key), getkey.c (merge_keys_and_selfsig,
> merge_selfsigs_main): a v3 key with a v4 self-sig must never let the v4
> self-sig express a key expiration time that extends beyond the original v3
> expiration time.
> * keyedit.c (sign_uids): If --expert is set, allow re-signing a uid to
> promote a v3 self-sig to a v4 one. This essentially deletes the old v3
> self-sig and replaces it with a v4 one.
> Don't these two features conflict with each other?
No. Why should they?
As you know the expiration time in a v3 key is stored unchangeable
with the key whereas it is stored in a self-signature with a v4 key.
The first change makes sure that the expiration time from a v4
signature on a v3 key can not be used to extend the expiration time
over the one set with the v3 key and the latter change simply promotes
a v3 self-signature to a v4 self-signature with an expiration time
(set to the one from the v3 key).
Werner
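
The clamping rule described in the message above, as an added example that is not part of the original post and is not GnuPG's code. The function names, the constructed sample header, and the handling of a v3 key without its own expiry are assumptions made for illustration; the field layout follows RFC 4880.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: first 8 octets of a v3 public-key packet body.
 * version=3, created=1000000000, valid for 365 days, algorithm=1 (RSA). */
static const uint8_t SAMPLE_V3_HDR[8] =
    { 0x03, 0x3B, 0x9A, 0xCA, 0x00, 0x01, 0x6D, 0x01 };

/* Hypothetical helper: parse the fixed v3 key header (RFC 4880, 5.5.2).
 * Returns 0 on success, -1 if too short or not version 3.
 * *expires is an absolute time; 0 means the key never expires. */
int v3_key_expiry(const uint8_t *body, size_t len,
                  uint32_t *created, uint64_t *expires)
{
    if (body == NULL || len < 8 || body[0] != 3)
        return -1;
    *created = ((uint32_t)body[1] << 24) | ((uint32_t)body[2] << 16) |
               ((uint32_t)body[3] << 8)  |  (uint32_t)body[4];
    uint32_t days = ((uint32_t)body[5] << 8) | body[6];
    *expires = days ? (uint64_t)*created + (uint64_t)days * 86400u : 0;
    return 0;
}

/* Hypothetical helper: effective expiry of a v3 key with a v4 self-sig.
 * sig_secs is the Key Expiration Time subpacket (type 9) value, in seconds
 * after key creation; 0 means absent or "never".
 * Assumption: a v3 key with no expiry of its own takes the self-sig value. */
uint64_t effective_expiry(uint32_t created, uint64_t v3_expires,
                          uint32_t sig_secs)
{
    uint64_t sig_expires = sig_secs ? (uint64_t)created + sig_secs : 0;
    if (v3_expires == 0)
        return sig_expires;
    if (sig_expires == 0 || sig_expires > v3_expires)
        return v3_expires;          /* self-sig may not extend the v3 limit */
    return sig_expires;             /* self-sig may shorten it */
}

int main(void)
{
    uint32_t created; uint64_t v3_exp;
    if (v3_key_expiry(SAMPLE_V3_HDR, sizeof SAMPLE_V3_HDR, &created, &v3_exp))
        return 1;
    /* v4 self-sig asks for two years; the key itself allows one. */
    printf("effective expiry: %llu\n", (unsigned long long)
           effective_expiry(created, v3_exp, 2u * 365u * 86400u));
    return 0;
}
```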