policy url's

Charles Mauch cmauch at gmail.com
Mon Jul 4 04:28:50 CEST 2005

Could someone explain to me the practical differences between

--sig-policy-url and --cert-policy-url?

The manpage for GnuPG says

--set-policy-url string
      Use string as a Policy URL for signatures (rfc2440:  If you
prefix it with an exclamation mark (!), the policy URL packet  will be
flagged as critical.  --sig-policy-url sets a policy url for data
signatures.   --cert-policy-url  sets a policy  url for key signatures
(certifications).  --set-pol‐ icy-url sets both.  The same %-expandos used
for notation data are available here as well.

I ask because i'm guessing that the --sig-policy points to a document that
describes your personal keysigning policies, and --cert-policy would point
to the notes that describe the validity and process you went through to
validate someone's identity and match it to their fingerprint.

Am I right?  Is this just one of many interpretations?

When would one need to use the critical flag?

Just curious.

Take it easy, [cmauch at taclug.org]

Charles Mauch, FSF Apologist, Debian/Ubuntu/Gentoo user, etc.
Every message PGP or S/MIME signed to verify authenticity.

Many Bothans died to bring you this information.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/attachments/20050703/c2029ec4/attachment.pgp

More information about the Gnupg-users mailing list