PGP and signing subkeys

David Shaw dshaw@jabberwocky.com
Tue Dec 3 04:10:01 2002


On Mon, Dec 02, 2002 at 12:22:56PM -0800, Len Sassaman wrote:

> Also, PGP 8 knows to ignore the comments packets in the secret keys
> generated with GnuPG, so --no-comment is no longer necessary when
> exporting those keys, and PGP can now verify v4 signatures with expiration
> dates on regular files (though the client UI ignores the expiration
> status).

I wouldn't call that a particularly great feature...  If a user sets
an expiration date, and that date has passed, the UI should note that
fact.  That signature is not "good" any longer.

GnuPG sets the critical bit for its expiring signatures, which causes
them to be invalid in PGP 8 anyway, so this isn't an issue with GnuPG.
That's a feature ;)

The PGP 8 behavior is legal according to the spec, but it is
unfortunate.  I'd rather see the UI report "expired signature" or some
such.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
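
The critical-bit behaviour discussed in the message above, as an added example that is not part of the original post and is not code from GnuPG or PGP: it parses an OpenPGP hashed subpacket area (type 2 = signature creation time, type 3 = signature expiration time, high bit of the type octet = critical) and shows how a verifier that does not act on expiration treats the same signature with and without the critical bit. The `known` parameter, `build_area` and the sample timestamps are assumptions made for illustration; they do not describe PGP 8's internals.

```python
import struct

SIG_CREATION, SIG_EXPIRATION = 2, 3            # OpenPGP signature subpacket types
KNOWN_TYPES = {SIG_CREATION, SIG_EXPIRATION}   # what this toy verifier understands

def parse_subpackets(area):
    """Yield (type, critical, body) for each subpacket in a hashed subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                        # one-octet length
            length, i = first, i + 1
        elif first < 255:                      # two-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                  # 0xFF, then four-octet length
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated or malformed subpacket")
        type_octet = area[i]                   # length counts this type octet
        yield type_octet & 0x7F, bool(type_octet & 0x80), area[i + 1:i + length]
        i += length

def signature_status(area, now, known=KNOWN_TYPES):
    """Return 'invalid', 'expired' or 'good' for one signature's metadata."""
    created = lifetime = None
    try:
        for sp_type, critical, body in parse_subpackets(area):
            if sp_type not in known:
                if critical:
                    return "invalid"           # critical and not understood: reject
                continue                       # non-critical and not understood: skip
            if sp_type == SIG_CREATION:
                created = struct.unpack(">I", body)[0]
            elif sp_type == SIG_EXPIRATION:
                lifetime = struct.unpack(">I", body)[0]   # seconds after creation
    except (ValueError, IndexError, struct.error):
        return "invalid"
    # A lifetime of 0 (or no expiration subpacket) means the signature never expires.
    if created is not None and lifetime and now > created + lifetime:
        return "expired"
    return "good"

def build_area(created, lifetime, critical_expiry):
    """Constructed sample input: creation-time plus expiration-time subpackets."""
    exp_type = SIG_EXPIRATION | (0x80 if critical_expiry else 0)
    return (bytes([5, SIG_CREATION]) + struct.pack(">I", created) +
            bytes([5, exp_type]) + struct.pack(">I", lifetime))
```

With `known={SIG_CREATION}`, an expired signature whose expiration subpacket is non-critical comes back as "good", while the same signature with the critical bit set comes back as "invalid".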