Hi David. btw: Thanks for your excellent answers. Great to have one of the RFC authors here :-)
On Mon, Jan 26, 2009 at 11:28 PM, David Shaw <ds...@jabberwocky.com> wrote:
> It's a "token", that can be given from one person to another. The
> token contains only what is stated inside the signature itself. Let's
> say I put some useful information inside a notation packet, or perhaps
> it contains identity inside a keyID packet, etc. Think of it as a
> physical token and some uses come to mind.

Ah,.. I see.

> GPG doesn't support it. Neither does any other OpenPGP program that I
> know of.

What a pity :-(

> It's used for designated revocation signatures. There is no reason
> why it *couldn't* be used for key expiration or key flags, but 0x13
> works just as well for this. OpenPGP supports both 0x1F and 0x13
> (0x10, 0x11, 0x12), and historically people used 0x13, so there was
> never a real reason to change.

Ok,.. I'll come back to this later when I ask some stuff about signature subpackets.
Would gnupg understand these subpackets in a 0x1F signature?

> It's a Notary signature. For example: Alice writes a document. She
> later wants to be able to prove when it was written. Obviously we
> can't trust Alice's signature to prove that since she can set her
> clock to whatever she likes. We can, however, trust the notary (or
> many notaries). Alice signs the document, and then brings the
> signature to the Notary. The Notary verifies that the signature is
> sane (i.e. the date is current) and then signs the signature (with an
> 0x50). Alice gets her proof, and significantly does not have to show
> the Notary her original document.

Ah,.. now I understand :-)
So it's somehow comparable to the timestamp signatures, isn't it?
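
An added example, not part of the original message: it parses the hashed subpacket area of a version 4 signature packet body as laid out in RFC 4880, where key expiration and key flags subpackets are encoded the same way in a 0x1F signature as in a 0x13 one. The sample bytes, timestamps and function names are constructed for illustration, and the code says nothing about which subpackets GnuPG acts on in a 0x1F signature.

```python
import struct

SIG_TYPES = {0x10: "generic certification", 0x13: "positive certification",
             0x1F: "direct-key signature", 0x40: "timestamp signature",
             0x50: "third-party confirmation signature"}
SUBPACKETS = {2: "signature creation time", 9: "key expiration time",
              20: "notation data", 27: "key flags"}

def parse_subpackets(area):
    """Split a subpacket area into (type, critical, data) tuples."""
    out, i = [], 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # 0xFF, then four-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("subpacket overruns its area")
        # The length counts the type octet; bit 7 of the type is the critical flag.
        out.append((area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]))
        i += length
    return out

def parse_v4_signature(body):
    """Return (signature type, hashed subpackets) from a v4 signature body."""
    if len(body) < 6 or body[0] != 4:
        raise ValueError("not a version 4 signature packet body")
    (hashed_len,) = struct.unpack(">H", body[4:6])
    if 6 + hashed_len > len(body):
        raise ValueError("hashed area overruns the packet")
    return body[1], parse_subpackets(body[6:6 + hashed_len])

def describe(body):
    sig_type, subs = parse_v4_signature(body)
    return (SIG_TYPES.get(sig_type, "unknown"),
            [SUBPACKETS.get(t, "type %d" % t) for t, _, _ in subs])

def build_subpacket(ptype, data):            # helper for the constructed sample only
    return bytes([len(data) + 1, ptype]) + data

# Constructed sample: 0x1F signature, RSA (1), SHA-1 (2); signature MPIs omitted.
HASHED = (build_subpacket(2, struct.pack(">I", 1233000000)) +
          build_subpacket(9, struct.pack(">I", 365 * 86400)) +
          build_subpacket(27, b"\x03"))
SAMPLE = bytes([4, 0x1F, 1, 2]) + struct.pack(">H", len(HASHED)) + HASHED + b"\x00\x00"
```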