Retaining expired sigs
Jason Harris
jharris at widomaker.com
Sun Mar 20 18:18:42 CET 2005
On Sat, Mar 19, 2005 at 10:35:47PM -0500, David Shaw wrote:
> On Sat, Mar 19, 2005 at 03:25:32PM -0500, Jason Harris wrote:

> > The sig. of 1-Jan-2000 is valid and usable. It can only be ignored when
> > superseded.
>
> I agree with your general idea here, but not the details, exactly.
> What GnuPG does in this case is to take the 1-Jan-2000 signature and
> ignore any that follow.

As I said, that makes them decidedly non-modifiable instead of simply
non-revocable.

> I don't like the idea of a signature that is temporarily superseded.
> Either it is superseded (and can be removed) or it is not. It's a bit

If one doesn't insist that the latest non-revocable, superseded sigs
are to be removed, I don't see the problem with temporarily superseded
sigs.

However, GPG's current behavior can be circumvented by manually removing
any non-revocable sigs that block other sigs from being considered,
anyone affected by this behavior should be able to diagnose it quickly,
and I don't recall seeing a lot of non-revocable 0x10-0x13 sigs, so this
probably won't become a big issue anytime soon.

BTW, what has your testing of other (OpenPGP(?)) encryption programs
uncovered?

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004