ietf-openpgp

Re: Timestamp and 3rd party sig

2006-07-17 14:13:18

On Sun, Jul 16, 2006 at 08:38:41PM +0200, Daniel A. Nagy wrote:
In his message on Feb 17, 2005
http://www.imc.org/ietf-openpgp/mail-archive/msg09179.html
Rick van Rein raised two important questions only one of which has been
addressed (by W. Koch). Rick proposed changes to the definition of timestamp
signatures (sig type 0x40) which have been neither rejected nor accepted. In
fact, they have not even been discussed.

I think it is too late to suggest changes to 2440bis at this point.
The document has gone past last call and is now in the hands of the
editor.

With regards to the 0x40 timestamp signature, Hal noted that PGP would
likely not verify it.  I can vouch that GnuPG will not verify it
either ("unknown signature class").

Another question that arises in the context of timestamps is whether it is
worth defining another type (say, 0x41) for timestamping canonical text
documents analogously to the distinction between 0x00 and 0x01? My personal
opinion is that it is definitely worth doing. Thus, I would propose the
following wording:

    0x40: Timestamp signature of a binary document.
        The intention of this signature is to accurately record the time
        at which the timestamped binary data was seen by the timestamp-signing
        party.

    0x41: Timestamp signature of a canonical text document.
        The intention of this signature is to accurately record the time
        at which the timestamped text was seen by the timestamp-signing
        party. The signature is calculated over the text data with its
        line endings converted to <CR><LF>.

0x40 has a long history.  It was actually mentioned in RFC-1991, but
marked as not yet implemented.  The thing that was the 1991 0x40
evolved into the 2440bis 0x50.  To my knowledge, 0x40 has never been
implemented.  In terms of the format, 2440bis more or less indicates
that (like 0x50), 0x40 is a signature over a signature, not over data,
binary or otherwise.

I think if you're looking for a timestamp signature, 0x40 isn't the
way to do it.  A notation subpacket would seem to be a much more
usable method.

David
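
Added example, not part of the original message or of any OpenPGP implementation: a sketch of the binary versus canonical-text distinction discussed above, using the v4 signature hashing layout from 2440bis (published as RFC 4880). The 0x40/0x41 values follow the wording proposed in the quoted message and are assumptions, not defined behaviour; the algorithm ids, creation time and sample documents are constructed for illustration.

```python
import hashlib
import re
import struct

SIG_BINARY = 0x00          # signature of a binary document
SIG_TEXT = 0x01            # signature of a canonical text document
PROPOSED_TS_BINARY = 0x40  # as proposed in the quoted message (assumption)
PROPOSED_TS_TEXT = 0x41    # as proposed in the quoted message (assumption)

TEXT_TYPES = {SIG_TEXT, PROPOSED_TS_TEXT}


def canonicalize_text(data: bytes) -> bytes:
    """Convert LF and CRLF line endings to <CR><LF>."""
    return re.sub(rb"\r?\n", b"\r\n", data)


def creation_time_subpacket(created: int) -> bytes:
    """Hashed subpacket type 2: one-octet length (5), type, 4-octet time."""
    return bytes([5, 2]) + struct.pack(">I", created)


def v4_sig_digest(document: bytes, sig_type: int, created: int,
                  pub_algo: int = 1, hash_algo: int = 8) -> str:
    """Digest a v4 signature would sign: document, then the hashed part of
    the signature packet, then the six-octet trailer.
    pub_algo 1 = RSA and hash_algo 8 = SHA-256 (OpenPGP algorithm ids)."""
    body = canonicalize_text(document) if sig_type in TEXT_TYPES else document
    hashed = creation_time_subpacket(created)
    header = (bytes([4, sig_type, pub_algo, hash_algo])
              + struct.pack(">H", len(hashed)) + hashed)
    trailer = b"\x04\xff" + struct.pack(">I", len(header))
    return hashlib.sha256(body + header + trailer).hexdigest()


if __name__ == "__main__":
    created = 1153145598  # constructed timestamp
    unix_doc = b"line one\nline two\n"      # constructed sample, LF endings
    dos_doc = b"line one\r\nline two\r\n"   # same text, CRLF endings
    for name, t in [("0x00", SIG_BINARY), ("0x01", SIG_TEXT),
                    ("0x40", PROPOSED_TS_BINARY), ("0x41", PROPOSED_TS_TEXT)]:
        same = v4_sig_digest(unix_doc, t, created) == v4_sig_digest(dos_doc, t, created)
        print(f"type {name}: LF and CRLF copies hash identically: {same}")
```

The text types survive a line-ending rewrite in transit and the binary types do not; because the type octet is itself hashed, a digest computed for one type never verifies under another.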
