Signatures and GnuPG and PGP 6.8.X

L. Sassaman
Wed, 25 Oct 2000 18:00:19 -0700 (PDT)

Hash: SHA1

On Wed, 25 Oct 2000, John Bacalle wrote:

> I'm not fully grabbing ``to make v4 sigs on non-key material.'' I see
> the talk of expiration dates, adding notation data, but I'm fuzzy on
> what this fully means?
You have a document. You sign it. That's a signature on non-key material. (Basically, anything you sign is non-key material unless it is a key you are signing.) Notation data is interesting, but isn't implememented in NAI's PGP, and isn't really useful in GnuPG. (I think the only way you can see it is via - --list-packets). I could see an expiration on a signature made on a file to be useful under some obscure situations. But 99% of the time, v4 signatures won't give you any advantage over v3 unless they're made on keys. And remember, 7.0 is the first version of PGP that can grok them on non-key material. - --Len. __ L. Sassaman Security Architect | "The world's gone crazy, Technology Consultant | and it makes no sense..." | | --Sting -----BEGIN PGP SIGNATURE----- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE594IqPYrxsgmsCmoRArIcAKCBo/Tb7CG05JsSDpgfSe/8KGYOJQCeN6YM jZ+NOGcf56rKWluLbD7oSrE= =TuD9 -----END PGP SIGNATURE----- -- Archive is at - Unsubscribe by sending mail with a subject of "unsubscribe" to