Any value to duplicate signatures?

Ben McGinnes ben at adversary.org
Sat Mar 2 10:20:50 CET 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 2/03/13 7:14 PM, Doug Barton wrote:
> 
> I am pretty sure the answer to this question is "no," but I
> thought I'd ask just in case. I've attended a conference for the
> last 2 years where there was a PGP key signing. Several of the
> people who signed my key last year were present again this year,
> and sent me signatures again.  The signatures are from the same
> keys, same certification level, everything. The only thing
> different is the date of the signature (obviously).
> 
> So the question is, what value, if any, would there be to
> importing those signatures, and sending them out to the key
> servers? I know that the various -clean options will strip that
> down to the most recent, I'm just curious. :)

I can think of two reasons why there may be some value in including
the second signatures.  The first being if you have added a new UID to
your key and the new signatures are now applied to that.  The second
being to show that the key is consistently under your control.


Regards,
Ben
-----BEGIN PGP SIGNATURE-----

iQGcBAEBCgAGBQJRMcRyAAoJEH/y03E1x1U8c4QMAPUMucXuUG5KNZS3DqSKG3tp
+3TnVFgnwRbLPqD/tBkJ6XvY75IfoFZnE0ewU5P6Wd+93iEpQajs86Pf5mGj/11N
YkuhWPrbdaivU9nvk3zgVykTaKSR4g+uLX5sd8iSjITAaIleBGR5P0hblMLv/qEZ
ClheGS0qSotRACQjchEwM44tMrSSon3uHIjuWsJvcyvsZARwWs2X8+fpCROVYpRA
9/AeWobN5Q4X92U1k1qxQegMEHXGVD3wZ+8QpBQ1Ypclvut2HBhq1DjReJbuOiRz
o9En2Hj8n65D1s9IQDez1IGR7eUfc69srjX1WlJqyRUbWtZU0Xxu1kSbNOFB3sOo
Dq6Qb/QZQCW+pXQ2BzEQTg3YlB2FK3tut43ZJ+XYaWF9qbFLJIoDa3jm0FAbpGI3
9D+wf/9AFFldL7wJk6gH6LmId8i3TkgjTDIzW8uFaXuz/GqUXD4nuapaMUEgBv5o
BEDVXlryd6KtEjw36iuvFbFS0u5Bel4LO0ltwNfS+g==
=rDSG
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list