Problem with faked-system-time option

David Shaw dshaw at jabberwocky.com
Thu Jun 16 00:40:06 CEST 2011


On Jun 15, 2011, at 6:02 PM, Jerome Baum wrote:

>> Out of curiosity, as long as we're talking about things that current code will reject, does the 0x50 signature meet the semantics desired here?  This all sounds vaguely notary-like ("I saw this document on such-and-such date") to me, and the intent of 0x50 is a notary signature.  The nice thing about a 0x50 signature is that it is a signature on a signature, so the timestamp service doesn't need to see the document - just the (detached) signature.
> 
> My understanding of a notary's job would include "I trust this key to
> be valid, in possession only of the person named in the uid, while
> that person was in sufficient mental state, not being threatened at
> gun-point, ..."

The 0x50 signature should not be interpreted as the output of a real-world notary (whose task varies in different locations anyway).  It is merely analogous to a notary in that the "notary" sees a signature, and affixes a seal to it indicating "I saw this" (oversimplification, but forgive me).

OpenPGP calls this signature a "Third-Party Confirmation signature".  It is merely a signature on a signature for whatever purpose is desired by the signer.

> -- why should we use a signature type that could be
> misinterpreted, when there is a "timestamp" signature type that fits
> our needs exactly?

Because as already noted, the 0x40 signature is not fully specified in the standard.  There is not enough information to know how to generate one.

David
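As an added illustration of the signature types discussed in this message (not code from the post or from GnuPG): a small parser that reads the signature type octet and creation-time subpacket from a version 4 OpenPGP Signature packet, which is all a service needs to see when a detached signature is submitted. The function names are hypothetical, and `sample_packet` builds a constructed packet with a dummy signature value that will not verify.

```python
SIG_TYPES = {0x00: "Signature of a binary document",   # names: RFC 4880, 5.2.1
             0x40: "Timestamp signature",
             0x50: "Third-Party Confirmation signature"}

def read_len(buf, i):  # decode a new-format packet or subpacket length at buf[i]
    n = buf[i]
    if n < 192:
        return n, i + 1
    if n < 255:
        return ((n - 192) << 8) + buf[i + 1] + 192, i + 2
    return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5

def read_packet(data):
    """Return (tag, body) of the first OpenPGP packet in data."""
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet")
    if hdr & 0x40:                                   # new-format header
        if 224 <= data[1] < 255:
            raise ValueError("partial body lengths not handled")
        tag, (length, off) = hdr & 0x3F, read_len(data, 1)
    else:                                            # old-format header
        tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
        if n == 8:
            raise ValueError("indeterminate length not handled")
        length, off = int.from_bytes(data[1:1 + n], "big"), 1 + n
    if len(data) < off + length:
        raise ValueError("truncated packet")
    return tag, data[off:off + length]

def describe_signature(data):
    """Return (type octet, type name, creation time) of a v4 Signature packet."""
    tag, body = read_packet(data)
    if tag != 2 or len(body) < 6 or body[0] != 4:
        raise ValueError("expected a version 4 Signature packet")
    area, created, i = body[6:6 + int.from_bytes(body[4:6], "big")], None, 0
    while i < len(area):                             # walk the hashed subpackets
        n, i = read_len(area, i)
        if n == 0 or i + n > len(area):
            raise ValueError("malformed subpacket")
        if area[i] & 0x7F == 2:                      # Signature Creation Time
            created = int.from_bytes(area[i + 1:i + 5], "big")
        i += n
    return body[1], SIG_TYPES.get(body[1], "other"), created

def sample_packet(sig_type):  # constructed: RSA/SHA-256 ids, one subpacket, dummy MPI
    body = (bytes([4, sig_type, 1, 8, 0, 6, 5, 2]) + (1308177606).to_bytes(4, "big")
            + b"\x00\x00" + b"\x00\x00" + b"\x00\x08\xff")
    return bytes([0x88, len(body)]) + body
```
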



