Series of minor questions about OpenPGP 2
David Shaw
dshaw at jabberwocky.com
Tue Jan 27 05:18:59 CET 2009
On Jan 26, 2009, at 6:20 PM, Peter Thomas wrote:
>> It's used for designated revocation signatures. There is no reason
>> why it *couldn't* be used for key expiration or key flags, but 0x13
>> works just as well for this. OpenPGP supports both 0x1F and 0x13
>> (0x10, 0x11, 0x12), and historically people used 0x13, so there was
>> never a real reason to change.
> Ok,.. I'll come back to this later when I ask some stuff about
> signature subpackets.
> Would gnupg understand these subpackets in a 0x1F signature?
Yes. It's a valid key as per the spec, even though no program
actually generates such a key that I know of. Note that I can't make
that same guarantee for other programs. I suspect they'd work, but
you'd have to check to be sure.
>> It's a Notary signature. For example: Alice writes a document. She
>> later wants to be able to prove when it was written. Obviously we
>> can't trust Alice's signature to prove that since she can set her
>> clock to whatever she likes. We can, however, trust the notary (or
>> many notaries). Alice signs the document, and then brings the
>> signature to the Notary. The Notary verifies that the signature is
>> sane (i.e. the date is current) and then signs the signature (with an
>> 0x50). Alice gets her proof, and significantly does not have to show
>> the Notary her original document.
> Ah,.. now I understand :-) So it's somehow comparable to the timestamp
> signatures, isn't it?
They are similar, except that a timestamp signature is presumed to be
over actual data. A notary signature is made over another signature.
David