Problem with faked-system-time option

David Shaw dshaw at jabberwocky.com
Wed Jun 15 21:10:45 CEST 2011


On Jun 15, 2011, at 11:39 AM, Hauke Laging wrote:

> Am Mittwoch, 15. Juni 2011, 17:07:22 schrieb Daniel Kahn Gillmor:
> 
>> I think it is a mistake to make this particular notation, when signature
>> type 0x40 already exists:
>> 
>> https://tools.ietf.org/html/rfc4880#page-21
>> 
>> ---------------
>>   0x40: Timestamp signature.
>>       This signature is only meaningful for the timestamp contained in
>>       it.
>> ---------------
> 
> Funny.
> 
> Is it possible to create such signatures with GnuPG? How?

It is not currently possible.  The code to do it is trivial, but nobody has really pushed for it before.

That said I'd probably suggest notations for this, even though 0x40 exists in the standard.  0x40 signatures are a bit of a leftover tail in the standard, and are not well specified (0x40 sigclass - is it a binary signature?  a text signature?).  Using notations also gives you more flexibility since you can do key=value stuff and specify different variations on timestamp signatures.

David




More information about the Gnupg-users mailing list