Retaining expired sigs

Jason Harris jharris at widomaker.com
Sat Mar 19 21:25:32 CET 2005


On Sat, Mar 19, 2005 at 02:26:07PM -0500, David Shaw wrote:

> I agree.  It's not just expired and superseded signatures.  There are
> a good number of other semantic questions that are not covered in 2440
> or 2440bis.  For example, the so-called "PGP trust model" is not
> covered anywhere.  This is historical: the original plan for the IETF
> group was that there would be multiple specifications (a message
> format document, a trust model document, etc).  Unfortunately, only
> the message format document was written, and it became 2440.

That explains a lot.  Thanks.

> about the same thing.  Given this case:
> 
> 	   non-revocable sig    1-Jan-2000
> 	   revocable sig        2-Jan-2000
> 	   revocation           3-Jan-2000
> 
> One way of looking at this is the end result is nothing.  That is, the
> revocable sig of 2-Jan-2000 has superseded the non-revocable sig of
> 1-Jan-2000, and then the revocation has revoked the sig of 2-Jan-2000.
> There are no valid sigs left, and all three can be disregarded.

This would be letting the non-revocable sig. be indirectly revoked,
which I don't believe anyone is advocating.

> Another way of looking at this is that the revocable sig of 2-Jan-2000
> has not superseded the non-revocable sig of 1-Jan-2000.  The
> revocation of 3-Jan-2000 has revoked the sig of 2-Jan-2000, which
> leaves the non-revocable sig of 1-Jan-2000 as valid and usable.

This is what I am advocating.

> Now try this case:
> 
> 	   non-revocable sig    1-Jan-2000
> 	   expired sig          2-Jan-2000 (expired 3-Jan-2000)
> 
> One answer here is that the expired sig of 2-Jan-2000 has superseded
> the non-revocable sig of 1-Jan-2000.  The end result is nothing and
> both sigs can be discarded.
> 
> Another answer is that 2-Jan-2000 has expired, which leaves the sig of
> 1-Jan-2000 as valid and usable.
> 
> What are you arguing for?

The sig. of 1-Jan-2000 is valid and usable.  It can only be ignored when
superseded.

Also, if multiple non-revocable sigs. exist, the latest (valid) one
supersedes all others, which can be safely removed.

-- 
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004
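The two readings debated above can be written down as a small resolver. The following is an added example, not code from the post, from David Shaw, or from GnuPG: it models a signature by its creation date, whether it is revocable, and an optional expiry, and implements both the "a later live signature supersedes, a dead one supersedes nothing" rule that Jason argues for and the "newest signature always supersedes, so the end result is nothing" reading, then runs both over the two cases quoted from David Shaw. The `Sig` and `Revocation` types, the `NOW` constants and the assumption that a revocation names its target by creation date (real OpenPGP revocations bind by signer key and signature type, not by date) are all my own simplifications for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional


@dataclass(frozen=True)
class Sig:
    """A key/user-ID signature reduced to the fields the thread argues about."""
    made: date
    revocable: bool = True
    expires: Optional[date] = None  # None: the signature never expires


@dataclass(frozen=True)
class Revocation:
    """A revocation signature. Assumption for this example: it names its
    target by the target's creation date."""
    target: date
    made: date


def is_live(sig: Sig, revocations: List[Revocation], now: date) -> bool:
    """A signature is live unless it has expired or been revoked.
    A non-revocable signature ignores revocations entirely."""
    if sig.expires is not None and sig.expires <= now:
        return False
    if sig.revocable:
        for r in revocations:
            if r.target == sig.made and r.made >= sig.made:
                return False
    return True


def effective_sig(sigs: List[Sig], revocations: List[Revocation], now: date):
    """Reading the post argues for: only a later *live* signature supersedes,
    so an expired or revoked signature supersedes nothing."""
    live = [s for s in sigs if is_live(s, revocations, now)]
    return max(live, key=lambda s: s.made) if live else None


def effective_sig_strict(sigs: List[Sig], revocations: List[Revocation], now: date):
    """Other reading from the quoted text: the newest signature supersedes
    every older one even if it is later revoked or expires, so once it dies
    'the end result is nothing'."""
    if not sigs:
        return None
    latest = max(sigs, key=lambda s: s.made)
    return latest if is_live(latest, revocations, now) else None


def superseded(sigs: List[Sig], revocations: List[Revocation], now: date) -> List[Sig]:
    """Live signatures older than the effective one: the ones the post says
    can safely be removed (e.g. older non-revocable signatures)."""
    eff = effective_sig(sigs, revocations, now)
    if eff is None:
        return []
    return sorted((s for s in sigs if s.made < eff.made and is_live(s, revocations, now)),
                  key=lambda s: s.made)


# Constructed inputs: the two cases quoted in the post, plus two more.
NOW = date(2005, 3, 19)        # date of the post, used as "now"
NOW_EARLY = date(2000, 1, 2)   # before the 2-Jan-2000 signature expires

CASE_REVOKED = (
    [Sig(date(2000, 1, 1), revocable=False), Sig(date(2000, 1, 2))],
    [Revocation(target=date(2000, 1, 2), made=date(2000, 1, 3))],
)
CASE_EXPIRED = (
    [Sig(date(2000, 1, 1), revocable=False),
     Sig(date(2000, 1, 2), expires=date(2000, 1, 3))],
    [],
)
CASE_MULTI = (  # several non-revocable sigs: only the latest matters
    [Sig(date(2000, 1, 1), revocable=False),
     Sig(date(2000, 1, 5), revocable=False),
     Sig(date(2000, 1, 9), revocable=False)],
    [],
)
CASE_IGNORED_REVOCATION = (  # a revocation aimed at a non-revocable sig
    [Sig(date(2000, 1, 1), revocable=False)],
    [Revocation(target=date(2000, 1, 1), made=date(2000, 1, 3))],
)

if __name__ == "__main__":
    for name, (sigs, revs) in [("revoked", CASE_REVOKED), ("expired", CASE_EXPIRED)]:
        print(name, "advocated:", effective_sig(sigs, revs, NOW),
              "strict:", effective_sig_strict(sigs, revs, NOW))
```

Under the advocated rule both quoted cases leave the 1-Jan-2000 non-revocable signature usable; under the strict rule both leave nothing. Note that the expiry case is time dependent: evaluated on 2-Jan-2000 the expiring signature is still live and does supersede the older one, which is exactly why a resolver has to be told what "now" is rather than baking it in.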