Problem with faked-system-time option
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Jun 15 17:07:22 CEST 2011
On 06/15/2011 04:56 AM, Hauke Laging wrote:
> Am Mittwoch, 15. Juni 2011, 03:16:16 schrieb Jerome Baum:
>> We just need to agree on
>> a name, maybe Werner can confirm we are free to use
>> "timestamp-only at gnupg.org"? What would the value mean?
>
> Shall I repeat the proposal, or is that a question to Werner? :-)
>
> "The signer makes no statement about the content of the signed data (may not
> even have been able to read it) but only confirms its existance at the time of
> the given timestamp."
I think it is a mistake to make this particular notation, when signature
type 0x40 already exists:
https://tools.ietf.org/html/rfc4880#page-21
---------------
0x40: Timestamp signature.
This signature is only meaningful for the timestamp contained in
it.
---------------
I'm happy with the proposal to start using notations more, and creating
a culture of publishing well-defined semantics around them; i just don't
think this particular goal is well-served by notations, since it is
already in the core protocol specification.
Regards,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110615/49009c8f/attachment.pgp>
More information about the Gnupg-users
mailing list