Question regarding unknown certificates

Werner Koch wk at gnupg.org
Tue Jan 3 10:59:20 CET 2012


On Tue, 25 Oct 2011 20:27, wk at gnupg.org said:
> On Tue, 25 Oct 2011 14:48, gnupg.user at seibercom.net said:
>> Since most of these certificates appear to be expired anyway, can I
>> just delete that file? I am not sure why they are being listed anyway.
>
> Yes.

I will keep them in the file because these certificates are useful in
the "chain" validation model.  Usually we use the "shell" model where
expiration dates have an obvious meaning.  For German qualified
signatures the "chain" model is required.  Basically, it compares the
expiration date to the date given in the signatures.



Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gnupg-users mailing list