Problem with faked-system-time option
Hauke Laging
mailinglisten at hauke-laging.de
Wed Jun 15 02:59:21 CEST 2011
Am Mittwoch, 15. Juni 2011, 01:35:45 schrieb Jerome Baum:
> > An idea: I suggest a standardized signature notation like "timestamp". It
> > would indicate that you don't make any statement about the signed content
> > (which even may be encrypted, even against you) but just confirm the time
> > of existence. That would solve (or reduced) the recently mentioned
> > problem "You don't know what you sign".
>
> Why modify the standard?
Because signature notations are supposed to be standardized. There aren't any
yet though. Nobody suffers from defining a string to mark timestamp-only
signatures. That is easily parsable both for software and for humans.
Timestamps are an important application. I don't think that there is any equal
solution.
Furthermore this might make signature notations more popular. IMHO they are a
very useful nonetheless nearly unused feature.
To repeat myself again: I also hope that in a not so far future there will be
signature notations which can give detailed (and parsable) information about
the signature policy.
Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20110615/a6499e02/attachment-0001.pgp>
More information about the Gnupg-users
mailing list