Re: Series of minor questions about OpenPGP 6
-----BEGIN PGP SIGNED MESSAGE-----
On Feb 1, 2009, at 6:44 PM, Christoph Anton Mitterer wrote:
> * PGP Signed by an unverified key: 02/01/2009 at 06:44:23 PM
> On Fri, 2009-01-30 at 17:02 -0800, Jon Callas wrote:
>>> 3) key expiration time (9)
>>> I've probably asked this before. But, what happens if different key
>>> expiration times are specified in the self-signatures? Is it left to
>>> the implementation to decide what to do?
>> Yes. There are plenty of obvious right things to do. Let's suppose I
>> am moving from example.com to foobar.com next Monday, but I quit
>> example.com effective today (and set an expiration time that reflects
>> that). From now until Monday, neither user name is valid.
> This is a little bit strange, isn't it? Wouldn't one use signature
> expiration times on the User ID self-signatures for such a move?
What's the difference?
Key expiration is expressed as a part of the self-signature. Yes, you
could time-limit the self signature and thus when the self-signature
expires you have a UID with no self-signature. But that strikes me as
an eccentric way to do the same thing. The question was not about
signature expirations, it was about key expiry.
>> It makes sense to me to have two preferred keyservers. I don't have
>> an opinion about policy URIs, but I wouldn't discount it automatically
>> out of hand.
> Doesn't the RFC say that only the last subpacket of a given type of the
> same signature must be used? Or was this just a "should"?
I believe that it is guidance, not a mandate.
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.6.3
-----END PGP SIGNATURE-----
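
As an added illustration (not part of the original message, and not code from any OpenPGP implementation): a sketch of how a receiver could parse a signature's subpacket area and handle repeated subpackets, here letting the last key expiration time win while keeping every preferred key server. The function names, the resolution policy and the sample key server URLs are assumptions made for this example.

```python
import struct
from collections import defaultdict

KEY_EXPIRATION, PREFERRED_KEY_SERVER = 9, 24  # RFC 4880 subpacket types

def encode_subpacket(sp_type, body):
    """Encode one subpacket using the one-octet length form (sample data only)."""
    if len(body) + 1 >= 192:
        raise ValueError("sample helper only handles short subpackets")
    return bytes([len(body) + 1, sp_type]) + body

def parse_subpackets(area):
    """Return {type: [body, ...]}, keeping every occurrence in wire order."""
    found, i = defaultdict(list), 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                 # 0xFF, then four-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("malformed subpacket")
        found[area[i] & 0x7F].append(area[i + 1:i + length])  # bit 7 = critical
        i += length
    return found

def resolve(area):
    """Assumed policy: last key expiration wins, all key servers are kept."""
    sp = parse_subpackets(area)
    if any(len(b) != 4 for b in sp[KEY_EXPIRATION]):
        raise ValueError("key expiration must be four octets")
    expiries = [struct.unpack(">I", b)[0] for b in sp[KEY_EXPIRATION]]
    return {"key_expiration": expiries[-1] if expiries else None,
            "conflict": len(set(expiries)) > 1,
            "key_servers": [b.decode("utf-8") for b in sp[PREFERRED_KEY_SERVER]]}

# Constructed sample: two expiration values and two key servers in one signature.
SAMPLE = b"".join([
    encode_subpacket(KEY_EXPIRATION, struct.pack(">I", 86400)),
    encode_subpacket(PREFERRED_KEY_SERVER, b"hkp://keys.example.com"),
    encode_subpacket(KEY_EXPIRATION, struct.pack(">I", 604800)),
    encode_subpacket(PREFERRED_KEY_SERVER, b"hkp://keys.example.org"),
])
```

The key expiration value is a number of seconds after the key's creation time, so the caller still has to add it to the creation time before comparing against the clock.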