On Sat, Aug 27, 2005 at 09:50:18AM +0200, Daniel A. Nagy wrote:
I am wondering if I understand the following correctly:
0x40 Timestamp signature.
It is calculated directly on any document like a 0x00 signature (BTW, it
would probably makes sense to introduce a 0x41 timestamp for textual
documents), but the issuer of the signature does not claim authorship or
endorse the document, just states the fact that the document existed at the
time when the signature was issued.
Signature over a signature, just like 0x50. It's not exactly made
clear in section 5.2.1, but note that it gets a signature target
subpacket. That only makes sense if it is a signature over a
signature. Note that 0x40 actually existed in rfc-1991 as well (also
a signature over a signature).
This one I do not understand at all:
0x50 Third-Party Confirmation signature.
What is the signature calculated on? The document? The certified signature?
Both?
The signature. I thought this one was pretty clear (from 5.2.1):
This signature is a signature over some other OpenPGP
signature packet(s). It is analogous to a notary seal on the
signed data.
David