ietf-openpgp

Re: Series of minor questions about OpenPGP 6

2009-02-01 21:55:50
On Fri, 2009-01-30 at 17:02 -0800, Jon Callas wrote:
> > 3) key expiration time (9)
> > I've probably asked this before. But, what happens if different key
> > expiration times are specified in the self-signatures? Is it left to
> > the implementation to decide what to do?
>
> Yes. There are plenty of obvious right things to do. Let's suppose I
> am moving from example.com to foobar.com next Monday, but I quit
> example.com effective today (and set an expiration time that reflects
> that). From now until Monday, neither user name is valid.

This is a little bit strange, isn't it? Wouldn't one use signature
expiration times on the User ID self-signatures for such a move?


> > 4) exportable certification (4)
> > Does this have a meaning on subkey binding signatures (0x18)? E.g.
> > something like don't import the signature itself and neither the
> > subkey?
>
> I have applications for this, myself. Yes.

Uhm @David (if you read this), does gnupg support creating non-exportable
subkey binding signatures? And if so I assume that it doesn't
export the subkey either?!


> It makes sense to me to have two preferred keyservers. I don't have an
> opinion about policy URIs, but I wouldn't discount it automatically
> out of hand.

Doesn't the RFC say that only the last subpacket of a given type of the
same signature must be used? Or was this just a "should"?


Greetings,
-- 
Christoph Anton Mitterer
Ludwig-Maximilians-Universität München

christoph(_dot_)anton(_dot_)mitterer(_at_)physik(_dot_)uni-muenchen(_dot_)de
mail(_at_)christoph(_dot_)anton(_dot_)mitterer(_dot_)name

Attachment: smime.p7s
Description: S/MIME cryptographic signature
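
The case of several subpackets of one type in the same signature, as an added example (not part of the original message and not any implementation's code): it parses a signature subpacket area in the RFC 4880 section 5.2.3.1 layout, applies the last-subpacket-wins resolution that RFC 4880 section 5.2.4.1 states as a SHOULD, and reports the types whose values conflict. The function names, the sample bytes and the keyserver URLs are constructed for illustration.

```python
import struct
from collections import defaultdict

# Subpacket type numbers from RFC 4880 section 5.2.3.1.
EXPORTABLE, KEY_EXPIRATION, PREF_KEYSERVER, POLICY_URI = 4, 9, 24, 26

def parse_subpackets(area: bytes):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        hdr = 1 if first < 192 else 2 if first < 255 else 5
        if i + hdr > len(area):
            raise ValueError("truncated subpacket length")
        if hdr == 1:
            length = first
        elif hdr == 2:
            length = ((first - 192) << 8) + area[i + 1] + 192
        else:
            length = struct.unpack(">I", area[i + 1:i + 5])[0]
        i += hdr
        # The length counts the type octet, so it can never be zero.
        if length < 1 or i + length > len(area):
            raise ValueError("truncated or zero-length subpacket")
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]
        i += length

def resolve(area: bytes):
    """Return (effective, conflicts): the last body seen per type, and
    every type that occurs more than once with differing bodies."""
    seen = defaultdict(list)
    for sp_type, _critical, body in parse_subpackets(area):
        seen[sp_type].append(body)
    effective = {t: bodies[-1] for t, bodies in seen.items()}
    conflicts = {t: b for t, b in seen.items() if len(set(b)) > 1}
    return effective, conflicts

def subpacket(sp_type: int, body: bytes) -> bytes:
    """Build a subpacket with a one-octet length (constructed samples only)."""
    if len(body) + 1 >= 192:
        raise ValueError("sample helper handles short bodies only")
    return bytes([len(body) + 1, sp_type]) + body

# Constructed sample: two key expiration times and two preferred keyservers.
SAMPLE = (subpacket(KEY_EXPIRATION, struct.pack(">I", 86400))
          + subpacket(EXPORTABLE, b"\x00")
          + subpacket(PREF_KEYSERVER, b"hkp://keys.example.org")
          + subpacket(KEY_EXPIRATION, struct.pack(">I", 31536000))
          + subpacket(PREF_KEYSERVER, b"hkp://keys.example.net"))
```

Calling `resolve(SAMPLE)` returns the last key expiration time as the effective value and lists types 9 and 24 as conflicting, which is where an implementation that prefers a different resolution scheme would hook in.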