Just wondering if there's a reference anywhere regarding the checking of
signing keys when authenticating a signature (and for that matter when
creating a signature), regarding expiry dates, revocation signatures (the
validity of the same) etc etc.
I thought this would be an implementation issue however I think that the
Open PGP standard needs to lay down the rules regarding the sequence of
events that need to take place when signing and authenticating a signature.
I have come up with a sequence of events that need to be checked if one is
Level 2, 45 Stirling Hwy
NEDLANDS WA 6009
Fax: +61 8 9386 9473
Tel: + 61 8 9386 9534