gpg: can't put a policy URL into v3 (PGP 2.x style) signature
atom-gpg at suspicious.org
Sat Apr 10 20:33:04 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
> > > PGP compatibility. No version of PGP before 8 can reliably handle v4
> > > signatures.
> > =======================
> > then this looks like a typo in the man page...
> > --force-v3-sigs
> > --no-force-v3-sigs
> > OpenPGP states that an implementation should generate v4 sig-
> > natures but PGP versions 5 through 7 only recognize v4 signa-
> > tures on key material. This option forces v3 signatures for
> > signatures on data. Note that this option overrides --ask-
> > sig-expire, as v3 signatures cannot have expiration dates.
> > --no-force-v3-sigs disables this option.
> Where is the typo?
logic dictates that these statements can not both be correct:
* "No version of PGP before 8 can reliably handle v4 signatures."
* "PGP versions 5 through 7 only recognize v4 signatures on key material."
-- gpg (1.2.4) man page
assuming that you [dave] are correct, then the man page must be wrong.
> > also, this seems like a deviation from the usual behavior, that if there's
> > a "--force-xyz" and a "--no-force-xyz", the "--no-force-xyz" is usually
> > the default, unless otherwise specified.
> The default is just the one that is most appropriate. There is no
> standard behavior to have the "no" value be the default. Note
> "--escape-from", "--mangle-dos-filenames", and "--ask-cert-level" are
> also default-to-yes.
that seems like a slight (very slight!) deviation from the RFC (5.2):
Implementations SHOULD generate V4 signatures. Implementations
MAY generate a V3 signature that can be verified by PGP 2.6.x.
obviously not a catastrophic deviation, but i didn't see it mentioned
anywhere... not even doc/gnupg/OpenPGP.
i would think that the same thing could be accomplished in a more
RFC-compliant (and easier to figure out) way by making the default
behavior to use v4 signatures, but including "force-v3-sigs" in the
default config file. (IMHO) that would keep the application closer to the
RFC ideal, but in practice it would still be compatible with older
versions of PGP(tm).
if there are only a few yes/no options that default "yes", then i'd like
to request that the man page specify that those options (that you list
above) default to "yes", while all of the other yes/no options default to
"no". or... each yes/no option should explicitly state (in the man page)
what it defaults to, and if it's overridden in the default config file.
the default config file would also be a good place to explain why a
default would be overridden, as with the case of why v3 signatures are
PGP key - http://atom.smasher.org/pgp.txt
3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
"I spent 33 years and four months in active service in the
country's most agile military force, the Marines. I served
in all ranks from second lieutenant to major general. And
during that period I spent most of my time being a
high-class muscle man for Big Business, for Wall Street and
the bankers. In short, I was a racketeer, a gangster for
"I suspected I was just part of a racket at the time. Now I am
sure of it. Like all members of the military profession I
never had an original thought until I left the service. My
mental faculties remained in suspended animation while I
obeyed the orders of the higher-ups. This is typical with
everyone in the military service.
"Thus I helped make Mexico, and especially Tampico, safe for
American oil interests in 1914. I helped make Haiti and Cuba
a decent place for the National City Bank boys to collect
revenue in. I helped in the raping of half-a-dozen Central
American republics for the benefit of Wall Street. The
record of racketeering is long. I helped purify Nicaragua for
the international banking house of Brown Brothers and Co. in
1909-1912. I brought light to the Dominican Republic for the
sugar interests in 1916. I helped make Honduras "right" for
American fruit companies in 1903. In China in 1927 I helped
see to it that Standard Oil went its way unmolested.
"During those years, I had, as the boys in the back room would
say, a swell racket. I was rewarded with honors, medals, and
promotion. Looking back on it, I feel that I might have given
Al Capone a few hints. The best he could do was to operate a
racket in three city districts. The Marines operated on three
-- Smedley D. Butler, (1881-1940)
Major Gen U.S. Marines
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish? - http://atom.smasher.org/links/#digital_signatures
-----END PGP SIGNATURE-----
More information about the Gnupg-users