Problem with faked-system-time option

David Shaw dshaw at
Thu Jun 16 04:44:20 CEST 2011

On Jun 15, 2011, at 7:19 PM, Jerome Baum wrote:

>>>> Out of curiosity, as long as we're talking about things that current code will reject, does the 0x50 signature meet the semantics desired here?  This all sounds vaguely notary-like ("I saw this document on such-and-such date") to me, and the intent of 0x50 is a notary signature.  The nice thing about a 0x50 signature is that it is a signature on a signature, so the timestamp service doesn't need to see the document - just the (detached) signature.
>>> My understanding of a notary's job would include "I trust this key to
>>> be valid, in possession only of the person named in the uid, while
>>> that person was in sufficient mental state, not being threatened at
>>> gun-point, ..."
>> The 0x50 signature should not be interpreted as the output of a real-world notary
> Who says that?

RFC-4880 says that.  And speaking as the person who suggested it, I can tell you my intent ;)

The draft spec actually called it a "notary signature", but after discussion, the name was intentionally changed to "Third-Party Confirmation signature" explicitly to avoid any confusion with a real-world notary or what they do.  The word notary is just an analogy.

>> OpenPGP calls this signature a "Third-Party Confirmation signature".  It is merely a signature on a signature for whatever purpose is desired by the signer.
> So, is it interpretation-dependent?

No more than any other signature in the standard, no.


More information about the Gnupg-users mailing list