PGP and signing subkeys

David Shaw
Tue Dec 3 04:10:01 2002

On Mon, Dec 02, 2002 at 12:22:56PM -0800, Len Sassaman wrote:

> Also, PGP 8 knows to ignore the comments packets in the secret keys
> generated with GnuPG, so --no-comment is no longer necessary when
> exporting those keys, and PGP can now verify v4 signatures with expiration
> dates on regular files (though the client UI ignores the expiration
> status).

I wouldn't call that a particularly great feature...  If a user sets
an expiration date, and that date has passed, the UI should note that
fact.  That signature is not "good" any longer.

GnuPG sets the critical bit for its expiring signatures, which causes
them to be invalid in PGP 8 anyway, so this isn't an issue with GnuPG.
That's a feature ;)

The PGP 8 behavior is legal according to the spec, but it is
unfortunate.  I'd rather see the UI report "expired signature" or some


   David Shaw
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
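
The critical bit on expiring signatures discussed in the message above, as an added example that is not part of the original post and is not GnuPG or PGP code: a Python parser for an OpenPGP v4 signature subpacket area (length and type-octet encoding as in RFC 4880 section 5.2.3.1), plus a verdict function showing that an expiration subpacket the verifier does not understand causes rejection when marked critical and is silently ignored when it is not. The helper names, the `understood` set and the sample timestamps are constructed for illustration.

```python
import struct

SIG_CREATION_TIME = 2     # subpacket type: signature creation time
SIG_EXPIRATION_TIME = 3   # subpacket type: seconds after creation until expiry
CRITICAL = 0x80           # bit 7 of the type octet marks the subpacket critical

def subpacket(sp_type, body, critical=False):  # builder, one-octet length only
    return bytes([len(body) + 1, sp_type | (CRITICAL if critical else 0)]) + body

def parse_subpackets(area):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        try:
            if first < 192:                      # one-octet length
                length, i = first, i + 1
            elif first < 255:                    # two-octet length
                length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
            else:                                # five-octet length
                length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        except (IndexError, struct.error):
            raise ValueError("truncated subpacket length") from None
        if length < 1 or i + length > len(area):
            raise ValueError("malformed subpacket length")
        yield area[i] & 0x7F, bool(area[i] & CRITICAL), area[i + 1:i + length]
        i += length

def evaluate(area, now, understood):
    """Verdict on the subpackets of a signature whose cryptographic check passed."""
    times = {}
    for sp_type, critical, body in parse_subpackets(area):
        if sp_type not in understood:
            if critical:
                return "invalid"   # unknown critical subpacket: reject signature
            continue               # unknown non-critical subpacket: ignore it
        if sp_type in (SIG_CREATION_TIME, SIG_EXPIRATION_TIME):
            if len(body) != 4:
                raise ValueError("time subpacket must be 4 octets")
            times[sp_type] = struct.unpack(">I", body)[0]
    lifetime = times.get(SIG_EXPIRATION_TIME, 0)   # 0 or absent: never expires
    if lifetime and now >= times.get(SIG_CREATION_TIME, 0) + lifetime:
        return "expired"
    return "good"

CREATED = 1038888000                 # constructed sample creation timestamp
DAY = struct.pack(">I", 86400)       # constructed one-day signature lifetime
AREA_CRITICAL = subpacket(2, struct.pack(">I", CREATED)) + subpacket(3, DAY, True)
AREA_PLAIN = subpacket(2, struct.pack(">I", CREATED)) + subpacket(3, DAY)
```

With `AREA_PLAIN`, a verifier that does not understand subpacket type 3 still returns "good" after the lifetime has passed; with `AREA_CRITICAL` the same verifier returns "invalid".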