On 01/29/2009 03:53 PM, David Shaw wrote:
> I suppose if you had an implementation that insisted on using the
> first signature, regardless of the date, then the revocations would
> force it to look at the last signature.. but then, an implementation
> that did that may have other odd semantics elsewhere. It may conclude
> that there is no signature at all (after all, the one signature it was
> looking at is revoked).

This would be a particularly odd implementation because "the first
signature regardless of date" has no meaning in OpenPGP, iiuc. There's
nothing stopping a re-ordering of signature packets, and a certificate
that looks like this:

primary_key
 \-uid
   +--sigX
   \--sigY

is semantically equivalent to this:

primary_key
 \-uid
   +--sigY
   \--sigX

And in fact, keyservers will often have to re-order signature packets if
they gather data from disparate sources.

--dkg
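
Added example, not part of the original message and not taken from any OpenPGP implementation: a sketch of choosing the certification in force on a User ID by creation time, compared with a "first packet wins" selector whose answer changes when the packets are re-ordered. The Sig record, the key ID placeholder, the timestamps and the simplified "newest signature from the issuer wins" rule are assumptions, and the signatures are assumed to be already cryptographically verified.

```python
from dataclasses import dataclass
from itertools import permutations

CERT_TYPES = {0x10, 0x11, 0x12, 0x13}  # User ID certifications (RFC 4880)
CERT_REVOCATION = 0x30                 # certification revocation

@dataclass(frozen=True)
class Sig:
    label: str      # constructed name, e.g. "sigX"
    sig_type: int   # OpenPGP signature type
    issuer: str     # placeholder key ID of the signer
    created: int    # signature creation time, seconds since epoch

def effective_certification(sigs, issuer):
    """Return the issuer's certification in force on a User ID, or None.

    Depends only on creation time, never on packet position.
    Simplified model (assumption): the newest signature from the issuer
    wins; if that one is a revocation, nothing is in force.
    """
    mine = [s for s in sigs if s.issuer == issuer
            and (s.sig_type in CERT_TYPES or s.sig_type == CERT_REVOCATION)]
    if not mine:
        return None
    # Deterministic tie-break: on equal timestamps a revocation wins,
    # then the label decides, so input order can never matter.
    newest = max(mine, key=lambda s: (s.created,
                                      s.sig_type == CERT_REVOCATION,
                                      s.label))
    return None if newest.sig_type == CERT_REVOCATION else newest

def first_packet_certification(sigs, issuer):
    """Order-dependent selection: the first certification packet seen."""
    for s in sigs:
        if s.issuer == issuer and s.sig_type in CERT_TYPES:
            return s
    return None

def order_independent(select, sigs, issuer):
    """True if select() gives one answer for every packet ordering."""
    return len({select(list(p), issuer) for p in permutations(sigs)}) == 1

# Constructed sample data: two certifications and one revocation between them.
SIG_X = Sig("sigX", 0x13, "KEYID_PLACEHOLDER", 1_200_000_000)
REV_X = Sig("revX", 0x30, "KEYID_PLACEHOLDER", 1_220_000_000)
SIG_Y = Sig("sigY", 0x13, "KEYID_PLACEHOLDER", 1_230_000_000)
```
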