On Jan 26, 2009, at 6:20 PM, Peter Thomas wrote:
>> It's used for designated revocation signatures. There is no reason
>> why it *couldn't* be used for key expiration or key flags, but 0x13
>> works just as well for this. OpenPGP supports both 0x1F and 0x13
>> (0x10, 0x11, 0x12), and historically people used 0x13, so there was
>> never a real reason to change.
>
> Ok,.. I'll come back to this later when I ask some stuff about
> signature subpackets.
> Would gnupg understand these subpackets in a 0x1F signature?

Yes. It's a valid key as per the spec, even though no program
actually generates such a key that I know of. Note that I can't make
that same guarantee for other programs. I suspect they'd work, but
you'd have to check to be sure.

>> It's a Notary signature. For example: Alice writes a document. She
>> later wants to be able to prove when it was written. Obviously we
>> can't trust Alice's signature to prove that since she can set her
>> clock to whatever she likes. We can, however, trust the notary (or
>> many notaries). Alice signs the document, and then brings the
>> signature to the Notary. The Notary verifies that the signature is
>> sane (i.e. the date is current) and then signs the signature (with an
>> 0x50). Alice gets her proof, and significantly does not have to show
>> the Notary her original document.
>
> Ah,.. now I understand :-) So it's somehow comparable to the timestamp
> signatures, isn't it?

They are similar, except that a timestamp signature is presumed to be
over actual data. A notary signature is made over another signature.

David
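
The notary's "date is current" check from the exchange above, as an added example that is not part of the thread and is not GnuPG code: it reads the signature type and the Signature Creation Time subpacket out of a version 4 Signature packet body (RFC 4880 layout) and accepts only a timestamp close to the notary's own clock. The function names, the five-minute tolerance and the sample packet bytes are assumptions made for the illustration, and the check does not verify the signature cryptographically.

```python
import struct
import time

SIG_TYPES = {  # RFC 4880 section 5.2.1; only the types named in this thread
    0x10: "generic certification", 0x11: "persona certification",
    0x12: "casual certification", 0x13: "positive certification",
    0x1F: "direct-key signature", 0x40: "timestamp signature",
    0x50: "third-party confirmation (notary)",
}

def subpackets(area):
    """Yield (type, body) for each subpacket in a v4 subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            hdr, length = 1, first
        elif first < 255:                     # two-octet length
            hdr = 2
            length = ((first - 192) << 8) + int.from_bytes(area[i + 1:i + 2], "big") + 192
        else:                                 # 0xFF, then four-octet length
            hdr, length = 5, int.from_bytes(area[i + 1:i + 5], "big")
        i += hdr
        if length < 1 or i + length > len(area):
            raise ValueError("malformed subpacket area")
        yield area[i] & 0x7F, area[i + 1:i + length]   # drop the critical bit
        i += length                           # length counts the type octet

def parse_v4_signature(body):
    """Return (signature type, creation time or None) for a v4 packet body."""
    if len(body) < 6 or body[0] != 4:
        raise ValueError("not a version 4 signature packet body")
    hashed_len = struct.unpack(">H", body[4:6])[0]
    hashed = body[6:6 + hashed_len]
    if len(hashed) != hashed_len:
        raise ValueError("truncated hashed subpacket area")
    created = None
    for sp_type, data in subpackets(hashed):
        if sp_type == 2 and len(data) == 4:   # Signature Creation Time
            created = struct.unpack(">I", data)[0]
    return body[1], created

def notary_accepts(body, now=None, max_skew=300):
    """True if the claimed creation time is within max_skew seconds of now."""
    _sig_type, created = parse_v4_signature(body)
    now = time.time() if now is None else now
    return created is not None and abs(now - created) <= max_skew

def sample_signature(created, sig_type=0x00):
    """Constructed packet body: RSA/SHA-256 ids, dummy hash prefix and MPI."""
    hashed = bytes([5, 2]) + struct.pack(">I", created)
    return (bytes([4, sig_type, 1, 8]) + struct.pack(">H", len(hashed)) + hashed
            + b"\x00\x00" + b"\xab\xcd" + b"\x00\x01\x01")
```

The notary needs only the signature packet for this check, which matches the point that Alice never has to hand over the document itself.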