Retaining expired sigs
David Shaw
dshaw at jabberwocky.com
Mon Mar 21 02:36:09 CET 2005
On Sun, Mar 20, 2005 at 11:32:06PM +0100, Nicolas Rachinsky wrote:
> * David Shaw <dshaw at jabberwocky.com> [2005-03-20 13:37 -0500]:
> > Seriously, think about it:
> >
> > non-revocable sig 1-Jan-2000
> > expiring sig 2-Jan-2000 (expires 10-Jan-2000).
> >
> > Now, say it's January 3rd. According to what you want, the signature
> > that gets used is the 2-Jan-2000. Then, suddenly, on 10-Jan-2000,
> > when that signature expires, the 1-Jan-2000 signature is used.
> >
> > End result: there is always a signature.
> >
> > According to what actually happens, the signature that is used is
> > 1-Jan-2000.
> >
> > End result: there is always a signature.
> >
> > I suggest that if it bothers you all that much, you pretend that it's
> > doing what you want. It's not like there is a way to tell the
> > difference.
>
> What about different Levels (sig1..sig3) of signatures? If the first
> one is sig3 and the second one sig1 and min-cert-level>1 there would
> be a difference.
Yes, this is exactly why I don't want to do what Jason suggested.
That would imply allowing a sig1 (which is ignored) to override a
non-revocable signature, implicitly "revoking" it.
David
More information about the Gnupg-users
mailing list