per-user data signatures [was: Re: multiple keys vs multiple identities]
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Sep 24 19:17:47 CEST 2010
On 09/24/2010 12:57 PM, David Shaw wrote:

> Hmm. It's a v3 sig which can't carry a notation. Do you have force-v3-sigs set anywhere? Or any of the --pgpX options (which set force-v3-sigs) ?

yup, that was it. i don't recall putting that in my gpg.conf explicitly
-- it must have been there from an early templated gpg.conf :(

Removing it makes things work as expected, thanks. time to review the
rest of the file for cruft, i suppose.

the man page is a bit confusing:

>> --force-v3-sigs
>>
>> --no-force-v3-sigs
>> OpenPGP states that an implementation should generate v4 signatures
>> but PGP versions 5 through 7 only recognize v4 signatures on key
>> material. This option forces v3 signatures for signatures on data.
>> Note that this option implies --ask-sig-expire, --sig-policy-url,
>> --sig-notation, and --sig-keyserver-url, as these features cannot be
>> used with v3 signatures. --no-force-v3-sigs disables this option.

first, there is no mention of what the default is (i assume it's
--no-force-v3-sigs).

second, what does "this option implies --ask-sig-expire ..." mean? it
seems to mean "this implies that the following options are not
available" or something like that.

The attached patch clarifies things to my current understanding of them
(but i might be wrong!)

Thanks,

--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: clarify-force-v3-sigs.diff
Type: text/x-diff
Size: 1013 bytes
Desc: not available
URL: </pipermail/attachments/20100924/2e661793/attachment.diff>
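
The diagnosis in this message (a v3 data signature has nowhere to store a notation) can be checked directly on a signature file. The following is an added example, not part of the original message or of GnuPG: it reads one binary (non-armored) OpenPGP signature packet per RFC 4880 and reports its version and any notation subpackets. The function names and the sample packets are constructed for illustration, and partial body lengths are not handled.

```python
import struct

def _length(buf, i):
    """Decode a one-, two- or five-octet RFC 4880 length; return (length, next index)."""
    first = buf[i]
    if first < 192:
        return first, i + 1
    if first < 255:
        return ((first - 192) << 8) + buf[i + 1] + 192, i + 2
    return struct.unpack(">I", buf[i + 1:i + 5])[0], i + 5

def signature_info(pkt):
    """Return (version, [(name, value), ...]) for one binary signature packet."""
    if not pkt[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if pkt[0] & 0x40:                          # new-format header
        tag, (size, i) = pkt[0] & 0x3F, _length(pkt, 1)
    else:                                      # old-format header
        tag, ltype = (pkt[0] >> 2) & 0x0F, pkt[0] & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        size, i = int.from_bytes(pkt[1:1 + (1 << ltype)], "big"), 1 + (1 << ltype)
    if tag != 2:
        raise ValueError("not a signature packet")
    body, notations = pkt[i:i + size], []
    if body[0] == 4:       # v4 layout: version, type, pk algo, hash algo, subpacket areas
        pos = 4
        for _area in ("hashed", "unhashed"):
            end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
            pos += 2
            while pos < end:
                sublen, pos = _length(body, pos)
                data = body[pos + 1:pos + sublen]
                if body[pos] & 0x7F == 20:     # subpacket type 20 = notation data
                    nlen, vlen = struct.unpack(">HH", data[4:8])
                    name, value = data[8:8 + nlen], data[8 + nlen:8 + nlen + vlen]
                    notations.append((name.decode(), value.decode("utf-8", "replace")))
                pos += sublen
    return body[0], notations                  # a v3 body has no subpacket areas at all

# Constructed sample packets (dummy key id, timestamp and MPI; not real signatures).
V3_SIG = bytes([0x88, 22, 3, 5, 0]) + bytes(12) + bytes([1, 2]) + b"\xab\xcd\x00\x08\xff"

def sample_v4():
    name, value = b"test@example.org", b"hello"
    data = b"\x80\x00\x00\x00" + struct.pack(">HH", len(name), len(value)) + name + value
    sub = bytes([len(data) + 1, 20]) + data
    body = bytes([4, 0, 1, 2]) + struct.pack(">H", len(sub)) + sub + b"\x00\x00\xab\xcd\x00\x08\xff"
    return bytes([0xC2, len(body)]) + body

if __name__ == "__main__":
    print(signature_info(V3_SIG), signature_info(sample_v4()))
```

A result of version 3 on a freshly made data signature is the symptom discussed in this thread and points at force-v3-sigs (or an option that sets it) in gpg.conf.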