On 06/15/2011 05:19 PM, David Shaw wrote:
> I'm not sure I agree with that. Essentially, this notation is a way for a
> user to say "This is what I mean by this signature". Meaning and intent is
> difficult for GnuPG to divine :)

If we're going with the semantics of 0x40 (but without the text/binary ambiguity): This signature is only meaningful for the timestamp contained in it. Then you'd want such a signature only to be interpreted as valid/acceptable in a context in which the *only* thing being checked was the timestamp.

For example, if i set up a timestamping service that makes these signatures with a subkey of my own key, i would not want those timestamping signatures to be considered as valid signatures by, say, the debian build queue.

Another example: If you were to set up such a timestamping service with a subkey, i would not want my mail user agent to say "good signature from David Shaw" if an e-mail was signed by that service.

So my point is: mark it as critical; then tools which know what to do with a timestamp signature will use it fine, and other, existing tools will not misinterpret it as any other intent.

--dkg
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
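An added example, not part of the original message and not GnuPG code: a Python sketch of the RFC 4880 critical-bit rule the message relies on, where a consumer rejects a signature that carries a critical notation it does not understand. The notation name `timestamp-only@example.org` and the helper names are hypothetical, and the subpacket bytes are constructed sample input.

```python
import struct

NOTATION = 20      # signature subpacket type: Notation Data (RFC 4880, 5.2.3.16)
CRITICAL = 0x80    # high bit of the subpacket type octet marks it critical
TS_ONLY = "timestamp-only@example.org"   # hypothetical notation name

def notation_subpacket(name, critical):
    """Build one Notation Data subpacket with an empty value (constructed input)."""
    n = name.encode()
    # 4 flag octets (0x80 = human-readable), name length, value length, name
    body = b"\x80\x00\x00\x00" + struct.pack(">HH", len(n), 0) + n
    return bytes([len(body) + 1, NOTATION | (CRITICAL if critical else 0)]) + body

def parse_subpackets(area):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # five-octet length
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated subpacket")
        yield area[i] & 0x7F, bool(area[i] & CRITICAL), area[i + 1:i + length]
        i += length

def critical_notations(area):
    """Return the names of all notations flagged critical."""
    names = set()
    for kind, critical, body in parse_subpackets(area):
        if kind == NOTATION and critical:
            if len(body) < 8:
                raise ValueError("short notation subpacket")
            name_len = struct.unpack(">H", body[4:6])[0]
            names.add(body[8:8 + name_len].decode())
    return names

def acceptable(area, understood):
    """A consumer may accept only if it understands every critical notation."""
    return critical_notations(area) <= set(understood)

SIG_CRITICAL = notation_subpacket(TS_ONLY, critical=True)
SIG_PLAIN = notation_subpacket(TS_ONLY, critical=False)
# A timestamp checker lists TS_ONLY as understood; a mail client does not.
# The mail client rejects SIG_CRITICAL but would accept SIG_PLAIN unchanged.
```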