Problem with faked-system-time option
jerome at jeromebaum.com
Thu Jun 16 19:15:39 CEST 2011
>> In any case, let's just use a notation and concentrate on that. The
>> 0x50, clarity/confusion, notation, 0x40, etc. discussion is wasteful
>> and not really fun.
> You still don't understand.
Really? Maybe *you* just haven't brought up all those issues until
now. Here's what I see:
Me: Guys, we're looking to do X. Do you have any input?
You: Don't do X, do Y. Here's why: A.
Me: A is invalid. We'll still do X.
You: But A!
Me: A is invalid.
You: You still don't understand. B is a good reason not to do X. You
haven't discussed B!
You never brought up "various interactions this [notation] has with
different signature types" until now. You were suggesting to dump the
notation entirely, and use an 0x50 instead. Of course, I can only see
what you've written (and only what I recall), not what you may have
intended to write.
> You are proposing a new feature for OpenPGP, so it needs to consider the various interactions this new "timestamp-only" flag has with different signature types. These are the sorts of comments and questions that need to be looked at when adding a new feature to the standard. This is not adversarial! The goal is to have the best possible design that considers how this new thing fits in to the OpenPGP standard as a whole and that there aren't any gotchas or "Ugh, I wish we would have done xxxx" later.
The goal depends on who's looking. My goal is to have a notation that
we can use for simple timestamp-only signatures on data like stamper
does, as easily as possible but still somewhat flexible -- note how
"somewhat" contrasts with "entirely". Your goal may be "to have the
best possible design", but it's not mine. I consider "best possible" a
fallacy, as there are *always* trade-offs.
There will always be gotchas, you will always wish you "would have
done xxxx". Note that I wouldn't. I would simply assume that humans
make errors, and that I am human. I would move on and work on the next
version, instead of complaining that my design wasn't "the best
Given all that, I am very happy that you've uncovered an implicit
assumption I was making: That the timestamp-only at gnupg.org notation
would be defined only on 0x00 (possibly 0x01). We need to either
explicitly add that to the spec, or change the assumption.
email jerome at jeromebaum.com
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
More information about the Gnupg-users