timestamp notation @gnupg.org

Hauke Laging mailinglisten at hauke-laging.de
Thu Jun 16 16:27:12 CEST 2011

Am Donnerstag, 16. Juni 2011, 14:56:32 schrieb Werner Koch:

> > This notation is a more compatible alternative to the signature type
> > 0x40. So its explanation could be used:
> > 
> > "Timestamp signature. This signature is only meaningful for the timestamp
> > contained in it."
> That is a bit too terse.  What is a timestamp how is it formatted in the
> message and what does such a signature actually mean.

Perhaps you have misunderstood the intention: This is not about changing data 
formats. This is not about changing gpg code (could be for convenience but is 
not necessary).

This is primarily about a uniform understanding of already available features 
so that the usage of these features gets easier (and more common).

If anyone is not happy with the OpenPGP timestamp format (which I haven't 
noticed yet) then that would be a completely different discussion.

> > I would add for clarity: "The signer makes no statement about the signed
> > data (including that he has read it or at least could read it at all)
> > except that it existed at the time given in the signature timestamp."
> Well, so write that into the signed data or the signature meta data and
> you are done.  We have a policy flag for that.

Nobody said it was not possible at all. The discussion is about making it much 
easier. The easy of use has (at least) two parts: Accessibility of the 
information and a uniform format.

Of course, it would not make sense to make a standard for every possible 
information that could be contained in a signature policy. But this is a very 
basic statement (possibly extended by a policy URL) for a feature which has 
been mentioned by several GnuPG related RfCs, which is offered by commercial 
and free services and even covered by crypto law.

There is no need to use @gnupg.org as a test phase name space; it just makes 
sense IMHO. But if you prefer to limit gnupg.org to the code that's perfectly 
OK. This question is not even related to this timestamp discussion:

Do you want to promote the uniform usage of notations (perhaps later taken 
over into IETF namespace) via this mailinglist and an officially maintained 
list of notations in the gnupg.org namespace or not?

If you want to avoid notations in gnupg.org then the discussion is finished 

PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20110616/90be5bb6/attachment.pgp>

More information about the Gnupg-users mailing list