ietf-openpgp

Re: Location of 'key expiration time' signature subpacket

2003-08-01 14:00:58

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, Jul 15, 2003 at 01:37:34PM -0400, Edwin Woudt wrote:

> While implementing key expiration, I noticed that the 'key expiration time'
> signature subpacket (#9) is put in self certification signatures instead of
> in a (self signed) direct key signature.
>
> Why is that?
>
> I find it more logical to put it in a direct key signature, as it says
> nothing about the user ID that is self signed. In fact, given multiple user
> IDs, putting it in self certification signatures could even result in
> conflicting information.

It is legal to put the key expiration in a direct key signature, but
I'm not sure why it isn't regularly done that way.  Possibly because
it was done that way a long time ago and there was no dramatic reason
to change.

In any event, GnuPG does accept a key expiration set from a direct key
signature.  I'm not sure about PGP.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc2 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iEYEARECAAYFAj8q1QYACgkQ4mZch0nhy8kIQgCfdej18CmdSGvoe82yZNZsfny+
Y+AAn3zfIA/EREHN9yjjg2ouRvG4qh8G
=S29u
-----END PGP SIGNATURE-----
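
The conflict raised in the quoted question, as an added example that is not part of the original thread or of any implementation's code: Python that walks the hashed subpacket area of each self-signature, extracts subpacket 9, and reports whether it came from a direct key signature (type 0x1F) or from user ID certifications (types 0x10-0x13) that disagree. It assumes the signatures were already verified and that each user ID has a single self-signature; the function names, user IDs and timestamps are constructed for illustration.

```python
KEY_EXPIRATION = 9                  # subpacket type 9: seconds after key creation
DIRECT_KEY = 0x1F                   # signature type: direct key signature
CERTIFICATIONS = range(0x10, 0x14)  # signature types 0x10-0x13 (user ID certifications)

def parse_subpackets(area):
    """Split a signature subpacket area into (type, critical, data) tuples."""
    out, i = [], 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            hdr, length = 1, first
        elif first < 255:                    # two-octet length
            hdr, length = 2, ((first - 192) << 8) + int.from_bytes(area[i + 1:i + 2], "big") + 192
        else:                                # 0xFF followed by a four-octet length
            hdr, length = 5, int.from_bytes(area[i + 1:i + 5], "big")
        body = area[i + hdr:i + hdr + length]   # type octet + data
        if length == 0 or len(body) != length:
            raise ValueError("truncated or empty subpacket")
        out.append((body[0] & 0x7F, bool(body[0] & 0x80), body[1:]))
        i += hdr + length
    return out

def key_expirations(self_sigs):
    """self_sigs: (sig_type, user_id_or_None, hashed_area) for verified self-signatures."""
    direct, per_uid = None, {}
    for sig_type, uid, hashed in self_sigs:
        for stype, _critical, data in parse_subpackets(hashed):
            if stype != KEY_EXPIRATION:
                continue
            if len(data) != 4:
                raise ValueError("key expiration time must be four octets")
            seconds = int.from_bytes(data, "big")
            if sig_type == DIRECT_KEY:
                direct = seconds
            elif sig_type in CERTIFICATIONS:
                per_uid[uid] = seconds
    return {"direct": direct, "per_uid": per_uid, "conflict": len(set(per_uid.values())) > 1}

def subpacket(stype, data):  # one-octet-length builder, used only for the sample data
    return bytes([len(data) + 1, stype]) + data

DAY = 86400
created = subpacket(2, (1059746458).to_bytes(4, "big"))  # signature creation time
SAMPLE = [  # constructed self-signatures, not taken from a real key
    (0x13, "alice@example.org", created + subpacket(9, (365 * DAY).to_bytes(4, "big"))),
    (0x13, "alice@example.net", created + subpacket(9, (730 * DAY).to_bytes(4, "big"))),
    (DIRECT_KEY, None, created + subpacket(9, (365 * DAY).to_bytes(4, "big"))),
]
```

Calling `key_expirations(SAMPLE)` reports one expiration from the direct key signature and two differing values from the user ID certifications, which is the ambiguity a verifier has to resolve by policy.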

  • Re: Location of 'key expiration time' signature subpacket, David Shaw <=