To all,
Just wondering if there's a reference anywhere regarding the checking of
signing keys when authenticating a signature (and for that matter when
creating a signature), regarding expiry dates, revocation signatures (the
validity of the same) etc etc.
I thought this would be an implementation issue however I think that the
Open PGP standard needs to lay down the rules regarding the sequence of
events that need to take place when signing and authenticating a signature.
I have come up with a sequence of events that need to be checked if one is
needed.
Regards
Erron Criddle
Comasp Ltd.
Level 2, 45 Stirling Hwy
NEDLANDS WA 6009
Australia
Fax: +61 8 9386 9473
Tel: + 61 8 9386 9534
http://www.comasp.com
ejc(_at_)comasp(_dot_)com