Series of minor questions about OpenPGP 2
p4.thomas at googlemail.com
Tue Jan 27 00:20:35 CET 2009
btw: Thanks for your excellent answers. Great to have one of the RFC
authors here :-)
On Mon, Jan 26, 2009 at 11:28 PM, David Shaw <dshaw at jabberwocky.com> wrote:
> It's a "token", that can be given from one person to another. The
> token contains only what is stated inside the signature itself. Let's
> say I put some useful information inside a notation packet, or perhaps
> it contains identity inside a keyID packet, etc. Think of it as a
> physical token and some uses come to mind.
Ah,.. I see.
> GPG doesn't support it. Neither does any other OpenPGP program that I
> know of.
What a pity :-(
> It's used for designated revocation signatures. There is no reason
> why it *couldn't* be used for key expiration or key flags, but 0x13
> works just as well for this. OpenPGP supports both 0x1F and 0x13
> (0x10, 0x11, 0x12), and historically people used 0x13, so there was
> never a real reason to change.
Ok,.. I'll come back to this later when I ask some stuff about
Would gnupg understand these subpackets in a 0x1F signature?
> It's a Notary signature. For example: Alice writes a document. She
> later wants to be able to prove when it was written. Obviously we
> can't trust Alice's signature to prove that since she can set her
> clock to whatever she likes. We can, however, trust the notary (or
> many notaries). Alice signs the document, and then brings the
> signature to the Notary. The Notary verifies that the signature is
> sane (i.e. the date is current) and then signs the signature (with an
> 0x50). Alice gets her proof, and significantly does not have to show
> the Notary her original document.
Ah,.. now I understand :-) So it's somehow comparable to the timestamp
signatures, isn't it?
More information about the Gnupg-users