Problem with faked-system-time option
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Jun 15 21:50:20 CEST 2011
On 06/15/2011 03:10 PM, David Shaw wrote:
> That said I'd probably suggest notations for this, even though 0x40 exists in the standard. 0x40 signatures are a bit of a leftover tail in the standard, and are not well specified (0x40 sigclass - is it a binary signature? a text signature?). Using notations also gives you more flexibility since you can do key=value stuff and specify different variations on timestamp signatures.
Note that if you do decide to use a notation for this, you should mark
the relevant notation subpacket as "critical", so that the signature is
not interpreted by an unwitting implementation as meaning something
other than the specific declaration:
https://tools.ietf.org/html/rfc4880#page-26
Currently, the proposal as it stands is to use a notation within the
@gnupg.org domain. It would be good to get verification from the
maintainers/owners of that domain to know if they're OK with the
specific proposal.
According to whois, that's Werner and g10 code GmbH. Werner, can you
comment on any policy for use of @gnupg.org notations? Would it help if
someone set up a registry someplace documenting the specific notations?
I'm willing to set up such a registry on a domain i control, but i'm not
sure people would want to use it because my domains aren't as strongly
associated with OpenPGP as gnupg.org.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110615/a91cdd39/attachment.pgp>
More information about the Gnupg-users
mailing list