Retaining expired sigs

David Shaw dshaw at jabberwocky.com
Mon Mar 21 02:36:09 CET 2005


On Sun, Mar 20, 2005 at 11:32:06PM +0100, Nicolas Rachinsky wrote:
> * David Shaw <dshaw at jabberwocky.com> [2005-03-20 13:37 -0500]:
> > Seriously, think about it:
> > 
> > 	   non-revocable sig   1-Jan-2000
> > 	   expiring sig        2-Jan-2000 (expires 10-Jan-2000).
> > 
> > Now, say it's January 3rd.  According to what you want, the signature
> > that gets used is the 2-Jan-2000.  Then, suddenly, on 10-Jan-2000,
> > when that signature expires, the 1-Jan-2000 signature is used.
> > 
> >   End result: there is always a signature.
> > 
> > According to what actually happens, the signature that is used is
> > 1-Jan-2000.
> > 
> >   End result: there is always a signature.
> > 
> > I suggest that if it bothers you all that much, you pretend that it's
> > doing what you want.  It's not like there is a way to tell the
> > difference.
> 
> What about different Levels (sig1..sig3) of signatures? If the first
> one is sig3 and the second one sig1 and min-cert-level>1 there would
> be a difference.

Yes, this is exactly why I don't want to do what Jason suggested.
That would imply allowing a sig1 (which is ignored) to override a
non-revocable signature, implicitly "revoking" it.

David
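
The difference discussed in this thread, as an added example that is not part of the original message and is not GnuPG code: a simplified model of the two selection rules. The `Sig` class, the function names and the sample dates and levels are constructed for illustration. It shows that the rules agree when both signatures have the same level and diverge once the later one is a sig1 below min-cert-level.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Sig:
    created: date
    level: int                       # certification level 1..3 (sig1..sig3)
    revocable: bool = True
    expires: Optional[date] = None

    def live(self, today):
        return self.created <= today and (self.expires is None or today < self.expires)

def pick_retained(sigs, today):
    """Rule the thread describes as actual: a non-revocable sig is not superseded."""
    live = [s for s in sigs if s.live(today)]
    pinned = [s for s in live if not s.revocable]
    return max(pinned or live, key=lambda s: s.created, default=None)

def pick_latest(sigs, today):
    """Proposed rule: newest unexpired sig wins; the older one returns on expiry."""
    live = [s for s in sigs if s.live(today)]
    return max(live, key=lambda s: s.created, default=None)

def certified(picker, sigs, today, min_cert_level):
    """True if the selected sig counts; a sig below min_cert_level is ignored."""
    s = picker(sigs, today)
    return s is not None and s.level >= min_cert_level

def timeline(picker, sigs, min_cert_level):
    return [certified(picker, sigs, d, min_cert_level) for d in DAYS]

DAYS = [date(2000, 1, d) for d in (3, 9, 10, 11)]
# Constructed case 1: the 1-Jan / 2-Jan example with both sigs at the same level.
SAME = [Sig(date(2000, 1, 1), 3, revocable=False),
        Sig(date(2000, 1, 2), 3, expires=date(2000, 1, 10))]
# Constructed case 2: first sig is sig3 (non-revocable), second is sig1.
MIXED = [Sig(date(2000, 1, 1), 3, revocable=False),
         Sig(date(2000, 1, 2), 1, expires=date(2000, 1, 10))]

if __name__ == "__main__":
    for name, sigs in (("same level", SAME), ("sig3 then sig1", MIXED)):
        for picker in (pick_retained, pick_latest):
            print(name, picker.__name__, timeline(picker, sigs, min_cert_level=2))
```

With min-cert-level 2, the "latest wins" rule leaves the key uncertified from 3-Jan until the sig1 expires on 10-Jan, which is the implicit "revocation" of the non-revocable signature.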


