On Sat, Mar 19, 2005 at 02:26:07PM -0500, David Shaw wrote:

> I agree.  It's not just expired and superseded signatures.  There are
> a good number of other semantic questions that are not covered in 2440
> or 2440bis.  For example, the so-called "PGP trust model" is not
> covered anywhere.  This is historical: the original plan for the IETF
> group was that there would be multiple specifications (a message
> format document, a trust model document, etc).  Unfortunately, only
> the message format document was written, and it became 2440.

That explains a lot.  Thanks.

> about the same thing.  Given this case:
>
>   non-revocable sig  1-Jan-2000
>   revocable sig      2-Jan-2000
>   revocation         3-Jan-2000
>
> One way of looking at this is the end result is nothing.  That is, the
> revocable sig of 2-Jan-2000 has superseded the non-revocable sig of
> 1-Jan-2000, and then the revocation has revoked the sig of 2-Jan-2000.
> There are no valid sigs left, and all three can be disregarded.

This would be letting the non-revocable sig. be indirectly revoked,
which I don't believe anyone is advocating.

> Another way of looking at this is that the revocable sig of 2-Jan-2000
> has not superseded the non-revocable sig of 1-Jan-2000.  The
> revocation of 3-Jan-2000 has revoked the sig of 2-Jan-2000, which
> leaves the non-revocable sig of 1-Jan-2000 as valid and usable.

This is what I am advocating.

> Now try this case:
>
>   non-revocable sig  1-Jan-2000
>   expired sig        2-Jan-2000 (expired 3-Jan-2000)
>
> One answer here is that the expired sig of 2-Jan-2000 has superseded
> the nonrevocable sig of 1-Jan-2000.  The end result is nothing and
> both sigs can be discarded.
>
> Another answer is that 2-Jan-2000 has expired, which leaves the sig of
> 1-Jan-2000 as valid and usable.
>
> What are you arguing for?

The sig. of 1-Jan-2000 is valid and usable.  It can only be ignored
when superseded.  Also, if multiple non-revocable sigs. exist, the
latest (valid) one supersedes all others, which can be safely removed.

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
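The two readings discussed in the message above, evaluated on both of its cases, as an added example that is not part of the original e-mail or of GnuPG's code. The names `Sig`, `is_live`, `usable_sig` and `dead_sigs_supersede` are hypothetical, the evaluation date of 4-Jan-2000 is chosen for illustration, and all signatures are assumed to come from one issuer over one user ID and to have already verified cryptographically.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional, Sequence


@dataclass(frozen=True)
class Sig:
    """One certification by a single issuer on a single key/user ID (simplified)."""
    created: date
    revocable: bool = True
    expires: Optional[date] = None      # date the sig expires, if any
    revoked_on: Optional[date] = None   # date of a revocation naming this sig


def is_live(sig: Sig, now: date) -> bool:
    """True if the sig exists at `now` and is neither expired nor revoked."""
    if sig.created > now:
        return False
    if sig.expires is not None and sig.expires <= now:
        return False
    # A revocation aimed at a non-revocable sig is ignored.
    if sig.revocable and sig.revoked_on is not None and sig.revoked_on <= now:
        return False
    return True


def usable_sig(sigs: Sequence[Sig], now: date, dead_sigs_supersede: bool) -> Optional[Sig]:
    """Return the sig in effect at `now`, or None if nothing is left."""
    issued = sorted((s for s in sigs if s.created <= now), key=lambda s: s.created)
    if dead_sigs_supersede:
        # First reading: the newest sig replaces all older ones, even once it is dead.
        return issued[-1] if issued and is_live(issued[-1], now) else None
    # Second reading: only a sig that is still live can supersede older ones.
    live = [s for s in issued if is_live(s, now)]
    return live[-1] if live else None


# Constructed inputs mirroring the two cases in the message.
NOW = date(2000, 1, 4)
CASE_REVOKED = [Sig(date(2000, 1, 1), revocable=False),
                Sig(date(2000, 1, 2), revoked_on=date(2000, 1, 3))]
CASE_EXPIRED = [Sig(date(2000, 1, 1), revocable=False),
                Sig(date(2000, 1, 2), expires=date(2000, 1, 3))]

if __name__ == "__main__":
    for name, case in (("revoked", CASE_REVOKED), ("expired", CASE_EXPIRED)):
        for reading in (True, False):
            print(name, "dead_sigs_supersede =", reading, "->", usable_sig(case, NOW, reading))
```

With `dead_sigs_supersede=True` both cases end with no usable signature; with `False` the non-revocable signature of 1-Jan-2000 remains in effect in both.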