Retaining expired sigs

David Shaw dshaw at
Sun Mar 20 19:37:04 CET 2005

On Sun, Mar 20, 2005 at 12:18:42PM -0500, Jason Harris wrote:
> On Sat, Mar 19, 2005 at 10:35:47PM -0500, David Shaw wrote:
> > On Sat, Mar 19, 2005 at 03:25:32PM -0500, Jason Harris wrote:
> > > The sig. of 1-Jan-2000 is valid and usable.  It can only be ignored when
> > > superseded.
> > 
> > I agree with your general idea here, but not the details, exactly.
> > What GnuPG does in this case is to take the 1-Jan-2000 signature and
> > ignore any that follow.
> As I said, that makes them decidedly non-modifiable instead of simply
> non-revocable.
> > I don't like the idea of a signature that is temporarily superseded.
> > Either it is superseded (and can be removed) or it is not.  It's a bit
> If one doesn't insist that the latest non-revocable, superseded sigs
> are to be removed, I don't see the problem with temporarily superseded
> sigs.

I think we're not communicating again.  There is no visible difference
between these two things.  What's to have a problem with?

Seriously, think about it:

	   non-revocable sig   1-Jan-2000
	   expiring sig        2-Jan-2000 (expires 10-Jan-2000).

Now, say it's January 3rd.  According to what you want, the signature
that gets used is the 2-Jan-2000.  Then, suddenly, on 10-Jan-2000,
when that signature expires, the 1-Jan-2000 signature is used.

  End result: there is always a signature.

According to what actually happens, the signature that is used is

  End result: there is always a signature.

I suggest that if it bothers you all that much, you pretend that it's
doing what you want.  It's not like there is a way to tell the

> BTW, what has your testing of other (OpenPGP(?)) encryption programs
> uncovered?

Haven't checked yet.  I don't know that it'll be terribly illuminating
on the subject of non-revocable sigs since so far as I know, GnuPG is
the only one that implements them (except for the usual use in
designated revokers).  It might reveal something interesting about
expiring sigs though.
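
The two selection rules argued over in this message, run day by day over its two example signatures. This is an added example, not part of the original post and not GnuPG code; the `Sig` class and function names are hypothetical, and the model assumes only creation date, expiry and revocability matter (no cryptographic verification).

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass(frozen=True)
class Sig:
    created: date
    revocable: bool = True
    expires: Optional[date] = None  # None means the signature never expires

    def live(self, today: date) -> bool:
        return self.created <= today and (self.expires is None or today < self.expires)

def pick_stop_at_nonrevocable(sigs, today):
    """Model of the behaviour the message describes for GnuPG: take the
    non-revocable signature and ignore any that follow it."""
    chosen = None
    for s in sorted(sigs, key=lambda s: s.created):
        if s.created > today:
            break
        if s.live(today):
            chosen = s
        if not s.revocable:
            break  # later signatures are never considered
    return chosen

def pick_latest_live(sigs, today):
    """Model of the alternative: the newest unexpired signature wins, and an
    older one comes back into use once the newer one expires."""
    live = [s for s in sigs if s.live(today)]
    return max(live, key=lambda s: s.created, default=None)

# Constructed sample: the two signatures from the message.
SIGS = [
    Sig(created=date(2000, 1, 1), revocable=False),
    Sig(created=date(2000, 1, 2), expires=date(2000, 1, 10)),
]

def timeline(sigs, start, days):
    """Return (day, sig chosen by rule 1, sig chosen by rule 2) for each day."""
    out = []
    for n in range(days):
        day = start + timedelta(days=n)
        out.append((day, pick_stop_at_nonrevocable(sigs, day), pick_latest_live(sigs, day)))
    return out

if __name__ == "__main__":
    for day, a, b in timeline(SIGS, date(2000, 1, 1), 12):
        print(day, "ignore-later:", a.created, "| latest-live:", b.created)
```

The rules pick different signature packets between 2-Jan and 9-Jan, but on every day each of them has a signature in effect.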

