ietf-openpgp

Re: Series of minor questions about OpenPGP 6

2009-02-01 19:39:41

Hello.

On Sat, Jan 31, 2009 at 5:04 AM, David Shaw <dshaw(_at_)jabberwocky(_dot_)com> wrote:
> Use the shortest expiration time.  If the 0x1F says you have 10 days, and
> the 0x13 says you have 5 days, you have 5 days.
Ok... but basically this means... it's left to the implementation by
the RFC, as Jon said, right?
So an implementation could also use the key expiration of the 0x1F
when the key was selected via key ID, for example... or one of my other
examples from above.
And your answer here is "just" probably the most reasonable advice?!
But in any case... if the selected expiration time is reached... the
WHOLE key is expired, right?

> As you note, the subkeys
> have their own expiration time - but not if they exceed the whole key
> expiration time.  You can't have a subkey that lives beyond its primary key.
Of course :)


> If you have preferred algorithms in both the 0x1F and a 0x13, then you use
> the one with the narrowest scope.  So, if the key was chosen by a particular
> user ID, you use the preferred algorithms from that user ID's selfsig.  If
> that selfsig does not have preferred algorithms, use the one in the 0x1F.
> If the key was chosen by key ID (so there is no one particular user ID) you
> use the preferred algorithm from the primary user ID.  As before, if there
> is no preferred algorithm there, use the one from the 0x1F.  If there are
> preferred algorithms on a 0x18, I think I'd take the union of those
> algorithms with the ones from the user ID or 0x1F.
Ok, but again... this handling is _not_ enforced by the RFC, and an
implementation could also choose to do it by one of my examples,
right? Of course what you've explained here above is probably the most
reasonable :-)

Ah, and did I understand this correctly:
When the symmetric/hash/compression algorithm is set on a 0x1F but not
on any of the 0x13s, the ones from the 0x1F are used? But if the 0x13s
have them _too_, those are used?!
Does gnupg do it like that? I mean that you can set a kind of "global"
default via the 0x1F, except where you re-set it on the 0x13s?


> - key server preferences / preferred key server / key flags / features
For them it's also up to the implementation, right?
Where can I find how gnupg would choose if I had them
a) only in the 0x1F but not the 0x13s
b) in both

"Read the sources!"?! xD

> II) Subpackets on any of the 0x10-0x13 certification signatures:
> III) Subpackets on the 0x18 subkey binding signature:
Were my assumptions here correct?

Does it make any sense to have keyserverprefs/preferred
keyserver/features on 0x18 subkey binding signatures?

Can anyone here think of an example, or a semantic meaning, where a
self-signature is a trust signature?

Wow,... I think I'm going to run out of questions ^^

Thanks,
Peter
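The precedence rules David describes above (shortest expiration wins, a subkey is capped by its primary key, preferences come from the narrowest-scoped self-signature with a fallback to the 0x1F, and 0x18 preferences are unioned in), as an added Python illustration that is not from this thread or from GnuPG. The sample signatures, user IDs and the choice of which 0x13s count when a key is selected by key ID are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional
# Signature type values from RFC 4880 section 5.2.1
DIRECT_KEY = 0x1F      # self-signature directly on the primary key
POSITIVE_CERT = 0x13   # self-signature certifying a user ID
SUBKEY_BINDING = 0x18  # binding signature on a subkey
DAY = 86400

@dataclass
class SelfSig:
    sigtype: int
    uid: Optional[str] = None         # user ID a 0x13 covers; None for 0x1F / 0x18
    key_expiry: Optional[int] = None  # Key Expiration Time, seconds after creation
    pref_sym: tuple = ()              # Preferred Symmetric Algorithms (RFC 4880 IDs)

def _of_type(sigs, sigtype, uid=None):
    return [s for s in sigs if s.sigtype == sigtype and (uid is None or s.uid == uid)]

def effective_expiry(sigs, selected_uid=None):
    """Shortest expiry among the 0x1F and the 0x13(s) in play: the selected user
    ID's 0x13, or all 0x13s when chosen by key ID (an assumption). None = never."""
    cands = _of_type(sigs, DIRECT_KEY) + _of_type(sigs, POSITIVE_CERT, selected_uid)
    times = [s.key_expiry for s in cands if s.key_expiry is not None]
    return min(times) if times else None

def subkey_expiry(sigs, binding, selected_uid=None):
    """A subkey never outlives its primary key: cap the 0x18 expiry by the primary's."""
    primary = effective_expiry(sigs, selected_uid)
    times = [t for t in (binding.key_expiry, primary) if t is not None]
    return min(times) if times else None

def preferred_sym(sigs, primary_uid, selected_uid=None, binding=None):
    """Narrowest scope wins: the chosen user ID's 0x13 (primary user ID when chosen
    by key ID), else the 0x1F; preferences on a 0x18 are unioned in, order kept."""
    uid = selected_uid or primary_uid
    source = [s for s in _of_type(sigs, POSITIVE_CERT, uid) if s.pref_sym] \
        or [s for s in _of_type(sigs, DIRECT_KEY) if s.pref_sym]
    prefs = list(source[0].pref_sym) if source else []
    if binding is not None:
        prefs += [a for a in binding.pref_sym if a not in prefs]
    return tuple(prefs)

# Constructed sample key: the 0x1F allows 10 days and prefers AES-256 (9) then 3DES (2);
# the 0x13 on "alice" shortens that to 5 days and prefers AES-128 (7); "bob" sets nothing.
SAMPLE_SIGS = [
    SelfSig(DIRECT_KEY, key_expiry=10 * DAY, pref_sym=(9, 2)),
    SelfSig(POSITIVE_CERT, uid="alice", key_expiry=5 * DAY, pref_sym=(7,)),
    SelfSig(POSITIVE_CERT, uid="bob"),
]
SAMPLE_BINDING = SelfSig(SUBKEY_BINDING, key_expiry=30 * DAY, pref_sym=(2, 3))
```

With this data, selecting the key via "bob" yields a 10-day lifetime and the 0x1F's preferences, while selecting via "alice" (or by key ID, with "alice" as primary user ID) yields 5 days and AES-128 first.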