Problem with faked-system-time option
David Shaw
dshaw at jabberwocky.com
Thu Jun 16 04:44:20 CEST 2011
On Jun 15, 2011, at 7:19 PM, Jerome Baum wrote:
>>>> Out of curiosity, as long as we're talking about things that current code will reject, does the 0x50 signature meet the semantics desired here? This all sounds vaguely notary-like ("I saw this document on such-and-such date") to me, and the intent of 0x50 is a notary signature. The nice thing about a 0x50 signature is that it is a signature on a signature, so the timestamp service doesn't need to see the document - just the (detached) signature.
>>>
>>> My understanding of a notary's job would include "I trust this key to
>>> be valid, in possession only of the person named in the uid, while
>>> that person was in sufficient mental state, not being threatened at
>>> gun-point, ..."
>>
>> The 0x50 signature should not be interpreted as the output of a real-world notary
>
> Who says that?

RFC-4880 says that. And speaking as the person who suggested it, I can tell you my intent ;)

The draft spec actually called it a "notary signature", but after discussion, the name was intentionally changed to "Third-Party Confirmation signature" explicitly to avoid any confusion with a real-world notary or what they do. The word notary is just an analogy.

>> OpenPGP calls this signature a "Third-Party Confirmation signature". It is merely a signature on a signature for whatever purpose is desired by the signer.
>
> So, is it interpretation-dependent?

No more than any other signature in the standard, no.

David
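
The thread notes that a signature-on-signature service needs only the detached signature, not the document. As an added example (not part of the thread and not GnuPG code), this parser reads a binary, non-armored v4 signature packet and reports its signature type and creation time from the packet alone. The function names and the sample bytes are constructed for illustration.

```python
SIG_TYPES = {0x00: "binary document", 0x40: "timestamp", 0x50: "third-party confirmation"}
SAMPLE = bytes.fromhex("8813 04000108 0006 05024df00000 0000 0000 0008ff")  # constructed, not a real signature

def read_packet(data):  # returns (tag, body) of the first OpenPGP packet
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet")
    if hdr & 0x40:                            # new-format header
        tag, first = hdr & 0x3F, data[1]
        if first < 192:
            length, pos = first, 2
        elif first < 224:
            length, pos = ((first - 192) << 8) + data[2] + 192, 3
        elif first == 255:
            length, pos = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body lengths not handled")
    else:                                     # old-format header
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not handled")
        pos = 1 + (1 << ltype)                # 1, 2 or 4 length octets
        length = int.from_bytes(data[1:pos], "big")
    if len(data) < pos + length:
        raise ValueError("truncated packet")
    return tag, data[pos:pos + length]

def subpackets(area):  # yields (type, value) for each subpacket in the area
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("malformed subpacket")
        yield area[i] & 0x7F, area[i + 1:i + length]   # mask the critical bit
        i += length

def describe_signature(blob):
    """Type and creation time (epoch seconds) of a detached v4 signature."""
    tag, body = read_packet(blob)
    if tag != 2 or len(body) < 6 or body[0] != 4:
        raise ValueError("expected a v4 signature packet")
    hashed = body[6:6 + int.from_bytes(body[4:6], "big")]
    created = next((int.from_bytes(v, "big") for t, v in subpackets(hashed) if t == 2), None)
    return {"type": body[1], "name": SIG_TYPES.get(body[1], "other"), "created": created}
```

The creation time comes from the hashed subpacket area (subpacket type 2), so it is whatever value the signer's software wrote there.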