timestamp notation @gnupg.org
mailinglisten at hauke-laging.de
Thu Jun 16 16:27:12 CEST 2011
Am Donnerstag, 16. Juni 2011, 14:56:32 schrieb Werner Koch:
> > This notation is a more compatible alternative to the signature type
> > 0x40. So its explanation could be used:
> > "Timestamp signature. This signature is only meaningful for the timestamp
> > contained in it."
> That is a bit too terse. What is a timestamp how is it formatted in the
> message and what does such a signature actually mean.
Perhaps you have misunderstood the intention: This is not about changing data
formats. This is not about changing gpg code (could be for convenience but is
This is primarily about a uniform understanding of already available features
so that the usage of these features gets easier (and more common).
If anyone is not happy with the OpenPGP timestamp format (which I haven't
noticed yet) then that would be a completely different discussion.
> > I would add for clarity: "The signer makes no statement about the signed
> > data (including that he has read it or at least could read it at all)
> > except that it existed at the time given in the signature timestamp."
> Well, so write that into the signed data or the signature meta data and
> you are done. We have a policy flag for that.
Nobody said it was not possible at all. The discussion is about making it much
easier. The easy of use has (at least) two parts: Accessibility of the
information and a uniform format.
Of course, it would not make sense to make a standard for every possible
information that could be contained in a signature policy. But this is a very
basic statement (possibly extended by a policy URL) for a feature which has
been mentioned by several GnuPG related RfCs, which is offered by commercial
and free services and even covered by crypto law.
There is no need to use @gnupg.org as a test phase name space; it just makes
sense IMHO. But if you prefer to limit gnupg.org to the code that's perfectly
OK. This question is not even related to this timestamp discussion:
Do you want to promote the uniform usage of notations (perhaps later taken
over into IETF namespace) via this mailinglist and an officially maintained
list of notations in the gnupg.org namespace or not?
If you want to avoid notations in gnupg.org then the discussion is finished
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 555 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users