
Re: Series of minor questions about OpenPGP 6

On Feb 1, 2009, at 6:44 PM, Christoph Anton Mitterer wrote:

> * PGP Signed by an unverified key: 02/01/2009 at 06:44:23 PM
> On Fri, 2009-01-30 at 17:02 -0800, Jon Callas wrote:
>>> 3) key expiration time (9)
>>> I've probably asked this before. But, what happens if different key
>>> expiration times are specified in the self-signatures? Is it left to
>>> the implementation to decide what to do?
>> Yes. There are plenty of obvious right things to do. Let's suppose I
>> am moving from example.com to foobar.com next Monday, but I quit
>> example.com effective today (and set an expiration time that reflects
>> that). From now until Monday, neither user name is valid.
> This is a little bit strange, isn't it? Wouldn't one use signature
> expiration times on the User ID self-signatures for such move?

What's the difference?

Key expiration is expressed as a part of the self-signature. Yes, you  
could time-limit the self signature and thus when the self-signature  
expires you have a UID with no self-signature. But that strikes me as  
an eccentric way to do the same thing. The question was not about  
signature expirations, it was about key expiry.

>> It makes sense to me to have two preferred keyservers. I don't have an
>> opinion about policy URIs, but I wouldn't discount it automatically
>> out of hand.
> Doesn't the RFC say that only the last subpacket of a given type of the
> same signature must be used? Or was this just a "should"?

I believe that it is guidance not a mandate.
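
An added example, not part of the original message and not code from any OpenPGP implementation: a parser for a v4 signature subpacket area that applies the "last subpacket of a type" rule inside one signature, then shows two User ID self-signatures assigning different key expiration times (subpacket 9, relative to key creation) as opposed to signature expiration (subpacket 3, relative to signature creation). The subpacket layout follows RFC 4880; the function names, addresses and timestamps are constructed for illustration.

```python
import struct

SIG_CREATED, SIG_EXPIRES, KEY_EXPIRES = 2, 3, 9   # RFC 4880 subpacket type numbers

def parse_subpackets(area):
    """Yield (type, body) for each subpacket in a v4 signature subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                 # 0xFF, then a four-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("malformed subpacket")
        yield area[i] & 0x7F, area[i + 1:i + length]   # mask off the critical bit
        i += length

def last_wins(area):
    """Duplicates inside one signature: the last subpacket of a type is used."""
    return {typ: body for typ, body in parse_subpackets(area)}

def u32(body):
    if len(body) != 4:
        raise ValueError("expected a four-octet time field")
    return struct.unpack(">I", body)[0]

def key_expiry(key_created, area):
    """Offset from KEY creation; an absent or zero subpacket means no expiry."""
    offset = u32(last_wins(area).get(KEY_EXPIRES, b"\0\0\0\0"))
    return key_created + offset if offset else None

def sig_expiry(area):
    """Offset from SIGNATURE creation; an absent or zero subpacket means no expiry."""
    chosen = last_wins(area)
    offset = u32(chosen.get(SIG_EXPIRES, b"\0\0\0\0"))
    return u32(chosen[SIG_CREATED]) + offset if offset else None

def mk(typ, value):                           # build one constructed subpacket
    return bytes([5, typ]) + struct.pack(">I", value)

# Constructed sample: one key, two User ID self-signatures that disagree.
KEY_CREATED, DAY = 1_200_000_000, 86_400
SELFSIGS = {
    "alice@example.com": mk(2, KEY_CREATED) + mk(9, 10 * DAY) + mk(9, 30 * DAY),
    "alice@foobar.com": mk(2, KEY_CREATED + DAY) + mk(9, 365 * DAY),
}
EXPIRIES = {uid: key_expiry(KEY_CREATED, area) for uid, area in SELFSIGS.items()}
```

`EXPIRIES` ends up with a different expiry per User ID; choosing between them across self-signatures is the implementation decision discussed in the thread, and this sketch does not make that choice.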

