Problem with faked-system-time option

Hauke Laging mailinglisten at hauke-laging.de
Thu Jun 16 00:58:09 CEST 2011


On Wednesday, 15 June 2011, 23:54:17, David Shaw wrote:

> I think that's fine and reasonable.  My only difference is that I would not
> mandate it being marked as critical, and let the signer decide whether
> they want that or not.  Note that marking it as critical means that all
> current code will reject it.  Updating that code won't happen quickly.

Maybe both intentions (alert and compatibility) can be combined at another 
level: Isn't it possible to create two signatures, one with the notation 
marked critical, the other one not? Except for the problem that some old PGP 
version crashes when seeing more than one sig... Recognizing implementations 
would give notice of two valid signatures (and maybe suppress one), the other 
ones of one valid and one invalid. Thus users of the latter would have both a 
valid signature and a reason to check what's up...


> My question still remains though: what should GnuPG do differently for a
> timestamp-only signature compared to a regular signature?  Print "good
> timestamp from David Shaw" instead of "good signature from David Shaw"?

Something like that. A hint at the documentation (like 
"(see --timestamp-only)") could be added but I guess that the output shall 
be kept to minimum length.


> Out of curiosity, as long as we're talking about things that current code
> will reject, does the 0x50 signature meet the semantics desired here? 

This one does not have the problem you mentioned for 0x40 (cleartext)? Because 
it refers to an (unambiguous) signature instead of to (ambiguous) data?


> This all sounds vaguely notary-like ("I saw this document on such-and-such
> date") to me, and the intent of 0x50 is a notary signature.  The nice
> thing about a 0x50 signature is that it is a signature on a signature, so
> the timestamp service doesn't need to see the document - just the
> (detached) signature.

That is simultaneously the nice and the bad thing. The bad part is that this 
cannot be the only implementation of this feature as it is limited to 
signatures. A timestamp service should sign anything, not just signatures. 
There may be reasons not to reveal a signature (with the key ID) but rather to 
get a signed timestamp anonymously.


Hauke
-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
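
Added example, not part of the original message and not GnuPG code: a Python sketch of how the critical bit on an RFC 4880 Notation Data subpacket (type 20) produces the two outcomes described above for a pair of signatures, one carrying the notation as critical and one not. The notation name `timestamp-only@example.org` and the helper names are hypothetical, and the cryptographic check is assumed to have passed already.

```python
import struct

NOTATION_DATA = 20      # RFC 4880 signature subpacket type for Notation Data
CRITICAL_BIT = 0x80     # bit 7 of the subpacket type octet
TS_NOTATION = b"timestamp-only@example.org"   # hypothetical notation name

def notation_subpacket(name, value, critical):
    """Encode one Notation Data subpacket (human-readable flag set)."""
    body = b"\x80\x00\x00\x00" + struct.pack(">HH", len(name), len(value)) + name + value
    if len(body) + 1 >= 192:
        raise ValueError("example only emits the one-octet length form")
    typ = NOTATION_DATA | (CRITICAL_BIT if critical else 0)
    return bytes([len(body) + 1, typ]) + body

def parse_subpackets(area):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                 # five-octet length
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated or malformed subpacket")
        typ = area[i]
        yield typ & 0x7F, bool(typ & CRITICAL_BIT), area[i + 1:i + length]
        i += length

def evaluate(area, known_notations):
    """Verdict of a verifier that understands only `known_notations`."""
    for typ, critical, body in parse_subpackets(area):
        if typ != NOTATION_DATA:
            continue
        if len(body) < 8:
            raise ValueError("notation subpacket too short")
        name_len, _value_len = struct.unpack(">HH", body[4:8])
        if critical and body[8:8 + name_len] not in known_notations:
            return "invalid"    # unknown critical notation: signature rejected
    return "valid"

def verdicts(known_notations):
    """Verdicts for the signature pair: [critical notation, non-critical notation]."""
    pair = [notation_subpacket(TS_NOTATION, b"1", critical=c) for c in (True, False)]
    return [evaluate(area, known_notations) for area in pair]

if __name__ == "__main__":
    print("old implementation:        ", verdicts(set()))
    print("recognizing implementation:", verdicts({TS_NOTATION}))
```
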


More information about the Gnupg-users mailing list