Signatures and GnuPG and PGP 6.8.X
L. Sassaman
rabbi@quickie.net
Wed, 25 Oct 2000 18:00:19 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 25 Oct 2000, John Bacalle wrote:
> I'm not fully grabbing ``to make v4 sigs on non-key material.'' I see
> the talk of expiration dates, adding notation data, but I'm fuzzy on
> what this fully means?
You have a document. You sign it. That's a signature on non-key
material. (Basically, anything you sign is non-key material unless it is a
key you are signing.)
Notation data is interesting, but isn't implememented in NAI's PGP, and
isn't really useful in GnuPG. (I think the only way you can see it is via
- --list-packets).
I could see an expiration on a signature made on a file to be useful under
some obscure situations. But 99% of the time, v4 signatures won't give you
any advantage over v3 unless they're made on keys. And remember, 7.0 is
the first version of PGP that can grok them on non-key material.
- --Len.
__
L. Sassaman
Security Architect | "The world's gone crazy,
Technology Consultant | and it makes no sense..."
|
http://sion.quickie.net | --Sting
-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.
iD8DBQE594IqPYrxsgmsCmoRArIcAKCBo/Tb7CG05JsSDpgfSe/8KGYOJQCeN6YM
jZ+NOGcf56rKWluLbD7oSrE=
=TuD9
-----END PGP SIGNATURE-----
--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org