Retaining expired sigs

Jason Harris jharris at widomaker.com
Mon Mar 21 19:41:46 CET 2005 

On Sun, Mar 20, 2005 at 11:36:42PM -0500, David Shaw wrote:
> On Sun, Mar 20, 2005 at 11:07:50PM -0500, Jason Harris wrote:
 
> > I really don't think it is worth trying to protect against these
> > scenarios.  A user can simply remove any non-revocable sigs they
> > don't want in their local keyring.
> 
> As soon as you posit a user who is going to edit their local keyring,
> there is nothing to discuss.  Editing the keyring violates the trust
> "contract".

It is no different than having all users (by default) ignore 0x11 sigs,
or allowing them to also ignore 0x12 sigs.  Using anything other than
"--min-cert-level 0" is "editing the keyring," period.

> I don't think there is anything left to discuss.  We've about reached
> the stage where I'm saying "10+2!" and you're saying, "Bad example!
> It's 6+6!"

I don't understand how you can fear people removing sigs so much.
You have recently given users the opportunity to do it, and, worse,
defaulted the feature to removing all 0x11 sigs, because _you_
_personally_ dislike 0x11 sigs.  Yet, you argue for _days_ that
people can't disregard non-revocable sigs, ever.  (Then, you say
it is "safe" when PGP 8.1 does it.)

What you seem to fail to understand is that people will always
be able to decide which issuers and signatures they trust.
Whether they do this as GPG allows by managing their trustdb,
whether they do this as GPG allows by manually removing sigs
(as part of --edit-key), or whether they do this as GPG allows
by using --min-cert-level makes no difference.  If you disagree
that "people will always be able to decide which issuers and
signatures they trust," then please make it _extremely_ clear
in your reply.  As you seem to have concluded, that fact takes
precedence in my logic, and as I have concluded, it seems to
take no precedence in yours.

> > > When importing a non-revoke-sig + revoked sig set, PGP doesn't strip
> > > anything, but does ignore the non-revokable sig (it isn't even visible
> > > in the GUI).
> > 
> > Gah!  PGP 8.1 allows non-revocable sigs to be revoked?!
> 
> No.  So far as I can tell in a not particularly rigorous 5-minute
> test, it ignores the non-revocable sig completely.  It's as if the uid

You recently described this very behavior as (implicity) revoking a
non-revocable sig. _and_ said GPG should not do it - both of which I
agree with.

-- 
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 309 bytes
Desc: not available
Url : /pipermail/attachments/20050321/1f7ad3e1/attachment.pgp

More information about the Gnupg-users mailing list