timestamp notation @gnupg.org

Werner Koch wk at gnupg.org
Thu Jun 16 14:56:32 CEST 2011


On Thu, 16 Jun 2011 13:21, mailinglisten at hauke-laging.de said:

> OK but GnuPG is an infrastructure tool and not so much about personal 
> preferences, isn't it? ;-)  So the relevant questions should be:

I believe it is.  However, I maintain GnuPG as a pro-bono service for
more than a decade now and thus it matters whether I have a personal
interest in a feature.

> This notation is a more compatible alternative to the signature type 0x40. So 
> its explanation could be used:
>
> "Timestamp signature. This signature is only meaningful for the timestamp 
> contained in it."

That is a bit too terse.  What is a timestamp how is it formatted in the
message and what does such a signature actually mean.  

Oh, I see: We are back to that long thread and to the reason why the
rfc1991 defined timestamp signature class has nevver been used in
reality.

> I would add for clarity: "The signer makes no statement about the signed data 
> (including that he has read it or at least could read it at all) except that 
> it existed at the time given in the signature timestamp."

Well, so write that into the signed data or the signature meta data and
you are done.  We have a policy flag for that.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gnupg-users mailing list