ietf-openpgp

Re: How do I do this with OpenPGP?

2002-05-07 15:16:28


From: John Dlugosz

Thanks, Hal.

Is Trent's signature on the key itself or on a UserID?

It seems that either has semantic implications, but what do existing
general-purpose tools do?  I like the latter for my application.

What's the relationship between the "Trust signature" key subpacket, and
using key types 0x11-0x13?

--John





"Hal Finney" <hal(_at_)finney(_dot_)org> on 05-07-2002 04:56:25 PM

To:    ietf-openpgp(_at_)imc(_dot_)org, john(_dot_)dlugosz(_at_)kodak(_dot_)com
cc:
Subject:    Re: How do I do this with OpenPGP?


You should use the signature expiration time subpacket, in Trent's
signature on the key.

Hal

From: John Dlugosz

One of the nice things about OpenPGP is that multiple signatories are
possible on a key, each "meaning" something.  Basically, if Trent signs a
key, it's OK with me for (purpose A), and the fact that Carl signed it too
for some other purpose is beside the point.

But, I want Trent to be able to certify a key for a certain time period.
Tag 2, type 0x10-0x13 doesn't contain a date.  I suppose there's a more
complicated way to do this, though?  type 0x1F says "...for statements that
non-self certifiers want to make about the key itself" so maybe something
in there?  Or certifying one of the (time range) subkeys instead of the
main key?

Anyone?
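
Added example, not part of the original thread: how a verifier could read the time limit Hal describes from the hashed subpacket area of Trent's version 4 certification signature (subpacket type 2 is the signature creation time, type 3 the signature expiration time in seconds after creation). The function names and the sample bytes are constructed for illustration, and checking the signature itself is assumed to happen elsewhere.

```python
import struct
SIG_CREATION_TIME = 2    # body: 4-octet Unix time
SIG_EXPIRATION_TIME = 3  # body: 4-octet seconds after creation time

def parse_subpackets(area):
    """Yield (type, critical, body); length counts the type octet,
    whose high bit is the critical flag."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                            # one-octet length
            length, i = first, i + 1
        elif first < 255 and i + 2 <= len(area):   # two-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        elif first == 255 and i + 5 <= len(area):  # five-octet length
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        else:
            raise ValueError("truncated subpacket length")
        if length < 1 or i + length > len(area):
            raise ValueError("malformed or truncated subpacket")
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]
        i += length

def certification_window(hashed_area):
    """Return (created, expires) in Unix time; expires is None if unlimited."""
    created = lifetime = None
    for sp_type, _critical, body in parse_subpackets(hashed_area):
        if sp_type in (SIG_CREATION_TIME, SIG_EXPIRATION_TIME):
            if len(body) != 4:
                raise ValueError("time subpacket must be 4 octets")
            value = struct.unpack(">I", body)[0]
            if sp_type == SIG_CREATION_TIME:
                created = value
            else:
                lifetime = value
    if created is None:
        raise ValueError("no signature creation time in hashed area")
    return created, (created + lifetime if lifetime else None)

def certification_valid_at(hashed_area, when):
    """True if `when` falls inside the certification's validity window."""
    created, expires = certification_window(hashed_area)
    return created <= when and (expires is None or when < expires)

def subpacket(sp_type, body, critical=False):  # sample encoder, < 192 octets
    return bytes([len(body) + 1, sp_type | (0x80 if critical else 0)]) + body

# Constructed sample: created at 1020729600, certification lasts 90 days.
SAMPLE = (subpacket(SIG_CREATION_TIME, struct.pack(">I", 1020729600)) +
          subpacket(SIG_EXPIRATION_TIME, struct.pack(">I", 90 * 86400), True))
```

Only the hashed area is read because the unhashed area is not covered by the signature, so a time limit placed there could be altered without invalidating Trent's certification.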






