Problem with faked-system-time option

Hauke Laging mailinglisten at hauke-laging.de
Wed Jun 15 23:58:31 CEST 2011


On Wednesday, 15 June 2011, 23:19:33, David Shaw wrote:

> Or more specifically, what should GnuPG do
> differently for a timestamp-only signature compared to a regular
> signature?

It should at least change the message from
"Good signature from ..."
to
"Good timestamp-only signature from..."
in order to help the user avoid a misunderstanding. It is good if you can show 
that you acted correctly (used this notation) and someone has misunderstood 
what you did. It is better to prevent the other one from misunderstanding it 
at all.


> I'm not against the user deciding to mark the notation as critical if he
> chooses to do so.  I just wouldn't have it automatically and always
> critical.

I support that. A non-critical timestamp signature is technically usable on 
"all" systems, a critical one would be usable on few only. That's IMHO a much 
bigger problem than the non-recognition of the feature. After all the correct 
understanding of a signature is up to the recipient anyway (impossible without 
the signature policy). This notation allows you to skip checking the policy.


I would like "popular" notations to be mentioned in the GnuPG documentation. I 
guess that will not take much space. :-)  Or at least a document describing 
those should be given.

You also might consider introducing --timestamp-only (easy to remember) or 
similar as an alias for --sig-notation timestamp-only@gnupg.org=default.


Hauke
-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
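
Added example, not part of the original post and not GnuPG code: a sketch of how a verifier could read the notation subpacket and its critical bit (RFC 4880 encoding) and pick the status line, showing why a non-critical notation goes unnoticed by software that does not know it while a critical one makes that software reject the signature. The function names, the constructed sample subpackets and the rejection wording are assumptions made for illustration.

```python
import struct

NOTATION_DATA = 20                     # RFC 4880 signature subpacket type
TS_ONLY = "timestamp-only@gnupg.org"   # notation name discussed in the thread

def build_notation(name, value, critical=False):
    """Constructed sample input: encode one human-readable notation subpacket."""
    n, v = name.encode(), value.encode()
    body = b"\x80\x00\x00\x00" + struct.pack(">HH", len(n), len(v)) + n + v
    if len(body) + 1 >= 192:
        raise ValueError("sample builder only emits one-octet lengths")
    return bytes([len(body) + 1, NOTATION_DATA | (0x80 if critical else 0)]) + body

def parse_notations(area):
    """Return [(critical, name, value)]; other subpacket types are skipped."""
    found, i = [], 0
    while i < len(area):
        try:
            if area[i] < 192:                      # one-octet length
                length, i = area[i], i + 1
            elif area[i] < 255:                    # two-octet length
                length, i = ((area[i] - 192) << 8) + area[i + 1] + 192, i + 2
            else:                                  # five-octet length
                length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        except (IndexError, struct.error):
            raise ValueError("truncated subpacket length") from None
        if length < 1 or i + length > len(area):
            raise ValueError("subpacket overruns area")
        sp_type, body = area[i], area[i + 1:i + length]
        i += length
        if sp_type & 0x7F != NOTATION_DATA:        # low 7 bits hold the type
            continue
        if len(body) < 8:
            raise ValueError("short notation subpacket")
        nlen, vlen = struct.unpack(">HH", body[4:8])
        if 8 + nlen + vlen != len(body):
            raise ValueError("notation lengths do not match subpacket")
        found.append((bool(sp_type & 0x80),        # bit 7 is the critical flag
                      body[8:8 + nlen].decode(), body[8 + nlen:].decode()))
    return found

def verdict(area, known=frozenset({TS_ONLY})):
    """Status line for a cryptographically valid signature, given known notations."""
    notes = parse_notations(area)
    if any(crit and name not in known for crit, name, _ in notes):
        return "REJECTED: unknown critical notation"   # hypothetical wording
    if any(name == TS_ONLY and name in known for _, name, _ in notes):
        return "Good timestamp-only signature from ..."
    return "Good signature from ..."
```

Passing `known=frozenset()` models software that has never heard of the notation.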