notation data & policy URL
David Shaw
dshaw at jabberwocky.com
Sat Apr 10 13:09:16 CEST 2004
On Sat, Apr 10, 2004 at 03:15:33AM -0400, Atom 'Smasher' wrote:
> it places the notation and URL on both the signing key and the encryption
> sub-key:
> %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
> $ gpg --list-key --show-policy --show-notation 2A42B922
> pub 1024D/2A42B922 2004-04-10 testing <testing at abc.xyz>
> sig 3 PN 2A42B922 2004-04-10 testing <testing at abc.xyz>
> Signature policy: http://test-policy
> Signature notation: A at B=test notation
> sub 1024g/5A5D67E7 2004-04-10
> sig PN 2A42B922 2004-04-10 testing <testing at abc.xyz>
> Signature policy: http://test-policy
> Signature notation: A at B=test notation
> %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
>
> while i do understand the logic (they ~are~ both certification
> signatures), it seems redundant... shouldn't it be sufficient to only add
> those packets to the signing key?
Nope. It's dangerous for a program to try and be "smart" and guess
what you really mean. You asked for a notation in both certs, so you
got it.
Notations are a general-purpose extension mechanism. To do this, they
need to be usable anywhere a signature is generated.
David
More information about the Gnupg-users
mailing list