Retaining expired sigs
Jason Harris
jharris at widomaker.com
Sat Mar 19 21:25:32 CET 2005
On Sat, Mar 19, 2005 at 02:26:07PM -0500, David Shaw wrote:
> I agree. It's not just expired and superseded signatures. There are
> a good number of other semantic questions that are not covered in 2440
> or 2440bis. For example, the so-called "PGP trust model" is not
> covered anywhere. This is historical: the original plan for the IETF
> group was that there would be multiple specifications (a message
> format document, a trust model document, etc). Unfortunately, only
> the message format document was written, and it became 2440.
That explains a lot. Thanks.
> about the same thing. Given this case:
>
> non-revocable sig 1-Jan-2000
> revocable sig 2-Jan-2000
> revocation 3-Jan-2000
>
> One way of looking at this is the end result is nothing. That is, the
> revocable sig of 2-Jan-2000 has superseded the non-revocable sig of
> 1-Jan-2000, and then the revocation has revoked the sig of 2-Jan-2000.
> There are no valid sigs left, and all three can be disregarded.
This would be letting the non-revocable sig. be indirectly revoked,
which I don't believe anyone is advocating.
> Another way of looking at this is that the revocable sig of 2-Jan-2000
> has not superseded the non-revocable sig of 1-Jan-2000. The
> revocation of 3-Jan-2000 has revoked the sig of 2-Jan-2000, which
> leaves the non-revocable sig of 1-Jan-2000 as valid and usable.
This is what I am advocating.
> Now try this case:
>
> non-revocable sig 1-Jan-2000
> expired sig 2-Jan-2000 (expired 3-Jan-2000)
>
> One answer here is that the expired sig of 2-Jan-2000 has superseded
> the nonrevocable sig of 1-Jan-2000. The end result is nothing and
> both sigs can be discarded.
>
> Another answer is that 2-Jan-2000 has expired, which leaves the sig of
> 1-Jan-2000 as valid and usable.
>
> What are you arguing for?
The sig. of 1-Jan-2000 is valid and usable. It can only be ignored when
superseded.
Also, if multiple non-revocable sigs. exist, the latest (valid) one
supersedes all others, which can be safely removed.
--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
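
The two readings debated in the message above, as an added example that is not part of the original post and not GnuPG or keyserver code. The Sig class, the function names and the 4-Jan-2000 evaluation date are assumptions made for illustration; the expired sig is assumed revocable, since the message does not say.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional


@dataclass(frozen=True)
class Sig:
    created: date
    revocable: bool = True
    expires: Optional[date] = None
    revoked_on: Optional[date] = None  # date of a revocation for this sig, if any

    def live(self, now: date) -> bool:
        """True if the sig is neither revoked nor expired as of `now`."""
        if self.revocable and self.revoked_on is not None and self.revoked_on <= now:
            return False
        return self.expires is None or now < self.expires


def effective_strict(sigs: List[Sig], now: date) -> Optional[Sig]:
    """First reading: the newest sig supersedes the rest even when it is dead."""
    newest = max(sigs, key=lambda s: s.created, default=None)
    return newest if newest is not None and newest.live(now) else None


def effective_fallback(sigs: List[Sig], now: date) -> Optional[Sig]:
    """Second reading: a revoked or expired sig supersedes nothing."""
    return max((s for s in sigs if s.live(now)), key=lambda s: s.created, default=None)


def removable(sigs: List[Sig], now: date) -> List[Sig]:
    """Non-revocable sigs older than the latest live non-revocable sig."""
    live_nr = [s for s in sigs if not s.revocable and s.live(now)]
    if not live_nr:
        return []
    latest = max(live_nr, key=lambda s: s.created)
    return [s for s in sigs if not s.revocable and s.created < latest.created]


NOW = date(2000, 1, 4)  # constructed evaluation date, after both cases have played out
CASE_REVOKED = [Sig(date(2000, 1, 1), revocable=False),
                Sig(date(2000, 1, 2), revoked_on=date(2000, 1, 3))]
CASE_EXPIRED = [Sig(date(2000, 1, 1), revocable=False),
                Sig(date(2000, 1, 2), expires=date(2000, 1, 3))]

if __name__ == "__main__":
    for name, case in (("revoked", CASE_REVOKED), ("expired", CASE_EXPIRED)):
        print(name, effective_strict(case, NOW), effective_fallback(case, NOW))
```

Under the strict reading both cases end with no usable sig; under the fallback reading the 1-Jan-2000 non-revocable sig is returned in both.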
More information about the Gnupg-users
mailing list