[Top] [All Lists]

Re: How do I do this with OpenPGP?

2002-05-07 15:16:28

From: John Dlugosz

Thanks, Hal.

Is Trent's signature on the key itself or on a UserID?

It seems that either has semantic implications, but what do existing
general-purpose tools do?  I like the latter for my application.

What's the relationship between the "Trust signature" key subpacket, and
using key types 0x11-0x13?


"Hal Finney" <hal(_at_)finney(_dot_)org> on 05-07-2002 04:56:25 PM

To:    ietf-openpgp(_at_)imc(_dot_)org, john(_dot_)dlugosz(_at_)kodak(_dot_)com
Subject:    Re: How do I do this with OpenPGP?

You should use the signature expiration time subpacket, in Trent's
signature on the key.


From: John Dlugosz

One of the nice things about OpenPGP is that multiple signatories are
possible on a key, each "meaning" something.  Basically, it trent signs a
key, it's OK with me for (purpose A), and the fact that Carl signed it
for some other purpose is beside the point.

But, I want Trent to be able to certify a key for a certain time period.
Tag 2, type 0x10-0x13 doesn't contain a date.  I suppose there's a more
complicated way to do this, though?  type 0x1F says "...for statements
non-self certifiers want to make about the key itself" so maybe something
in there?  Or certifing one of the (time range) subkeys instead of the


<Prev in Thread] Current Thread [Next in Thread>