Problem with faked-system-time option

Daniel Kahn Gillmor dkg at
Wed Jun 15 23:33:00 CEST 2011

On 06/15/2011 05:19 PM, David Shaw wrote:
> I'm not sure I agree with that.  Essentially, this notation is a way for a user to say "This is what I mean by this signature".  Meaning and intent is difficult for GnuPG to divine :)

If we're going with the semantics of 0x40 (but without the text/binary

   This signature is only meaningful for the timestamp contained in it.

Then you'd want such a signature only to be interpreted as
valid/acceptable in a context in which the *only* thing being checked
was the timestamp.

For example, if i set up a timestamping service that makes these
signatures with a subkey of my own key,  i would not want those
timestamping signatures to be considered as valid signatures by, say,
the debian build queue.

Another example: If you were to set up such a timestamping service with
a subkey, i would not want my mail user agent to say "good signature
from David Shaw" if an e-mail was signed by that service.

So my point is: mark it as critical; then tools which know what to do
with a timestamp signature will use it fine, and other, existing tools
will not misinterpret it as any other intent.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110615/f83b7cf3/attachment.pgp>

More information about the Gnupg-users mailing list