On Sun, Mar 20, 2005 at 12:18:42PM -0500, Jason Harris wrote:
> On Sat, Mar 19, 2005 at 10:35:47PM -0500, David Shaw wrote:
> > On Sat, Mar 19, 2005 at 03:25:32PM -0500, Jason Harris wrote:
> >
> > > The sig. of 1-Jan-2000 is valid and usable.  It can only be ignored when
> > > superseded.
> >
> > I agree with your general idea here, but not the details, exactly.
> > What GnuPG does in this case is to take the 1-Jan-2000 signature and
> > ignore any that follow.
>
> As I said, that makes them decidedly non-modifiable instead of simply
> non-revocable.
>
> > I don't like the idea of a signature that is temporarily superseded.
> > Either it is superseded (and can be removed) or it is not.  It's a bit
>
> If one doesn't insist that the latest non-revocable, superseded sigs
> are to be removed, I don't see the problem with temporarily superseded
> sigs.

I think we're not communicating again.  There is no visible difference
between these two things.  What's to have a problem with?

Seriously, think about it:

  non-revocable sig 1-Jan-2000
  expiring sig 2-Jan-2000 (expires 10-Jan-2000).

Now, say it's January 3rd.

According to what you want, the signature that gets used is the
2-Jan-2000.  Then, suddenly, on 10-Jan-2000, when that signature
expires, the 1-Jan-2000 signature is used.  End result: there is always
a signature.

According to what actually happens, the signature that is used is
1-Jan-2000.  End result: there is always a signature.

I suggest that if it bothers you all that much, you pretend that it's
doing what you want.  It's not like there is a way to tell the
difference.

> BTW, what has your testing of other (OpenPGP(?)) encryption programs
> uncovered?

Haven't checked yet.  I don't know that it'll be terribly illuminating
on the subject of non-revocable sigs since so far as I know, GnuPG is
the only one that implements them (except for the usual use in
designated revokers).  It might reveal something interesting about
expiring sigs though.

David
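
Added example, not part of the original message and not GnuPG code: a small model of the two selection policies discussed in this thread, run over the two signatures from the message for each day from 1-Jan-2000 to 12-Jan-2000. The class and function names are hypothetical, and the policies are modelled only from their descriptions in the thread; expiry is assumed to take effect on the stated day, as the message describes for 10-Jan-2000.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

@dataclass(frozen=True)
class Sig:
    created: date
    revocable: bool = True
    expires: Optional[date] = None  # first day on which the sig is no longer valid

    def live(self, on: date) -> bool:
        return self.created <= on and (self.expires is None or on < self.expires)

def pick_first_nonrevocable(sigs: List[Sig], on: date) -> Optional[Sig]:
    """Behaviour described in the message: take the non-revocable sig, ignore any that follow."""
    chosen = None
    for s in sorted(sigs, key=lambda s: s.created):
        if s.created > on:
            break
        chosen = s                # a newer sig supersedes an older one...
        if not s.revocable:
            break                 # ...until a non-revocable sig is reached
    return chosen if chosen and chosen.live(on) else None

def pick_temporarily_superseded(sigs: List[Sig], on: date) -> Optional[Sig]:
    """Alternative from the thread: newest unexpired sig wins; older sigs return when it expires."""
    live = [s for s in sigs if s.live(on)]
    return max(live, key=lambda s: s.created) if live else None

# Constructed sample data: the two signatures from the message.
SIG_1JAN = Sig(date(2000, 1, 1), revocable=False)
SIG_2JAN = Sig(date(2000, 1, 2), expires=date(2000, 1, 10))
SIGS = [SIG_1JAN, SIG_2JAN]

def compare(first: date, last: date):
    """Return (day, sig used by first policy, sig used by second policy) for each day."""
    rows, day = [], first
    while day <= last:
        rows.append((day, pick_first_nonrevocable(SIGS, day),
                     pick_temporarily_superseded(SIGS, day)))
        day += timedelta(days=1)
    return rows

if __name__ == "__main__":
    for day, a, b in compare(date(2000, 1, 1), date(2000, 1, 12)):
        print(day, "| first-nonrevocable uses:", a.created,
              "| temporarily-superseded uses:", b.created,
              "| usable under both:", a is not None and b is not None)
```
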