ietf-openpgp

Re: Series of minor questions about OpenPGP 6

2009-02-02 14:51:13

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Feb 1, 2009, at 6:44 PM, Christoph Anton Mitterer wrote:

> * PGP Signed by an unverified key: 02/01/2009 at 06:44:23 PM
>
> On Fri, 2009-01-30 at 17:02 -0800, Jon Callas wrote:
>>> 3) key expiration time (9)
>>> I've probably asked this before. But, what happens if different key
>>> expiration times are specified in the self-signatures? Is it left to
>>> the implementation to decide what to do?
>> Yes. There are plenty of obvious right things to do. Let's suppose I
>> am moving from example.com to foobar.com next Monday, but I quit
>> example.com effective today (and set an expiration time that reflects
>> that). From now until Monday, neither user name is valid.
> This is a little bit strange, isn't it? Wouldn't one use signature
> expiration times on the User ID self-signatures for such a move?

What's the difference?

Key expiration is expressed as a part of the self-signature. Yes, you
could time-limit the self-signature and thus when the self-signature
expires you have a UID with no self-signature. But that strikes me as
an eccentric way to do the same thing. The question was not about
signature expirations, it was about key expiry.

>> It makes sense to me to have two preferred keyservers. I don't have an
>> opinion about policy URIs, but I wouldn't discount it automatically
>> out of hand.
> Doesn't the RFC say that only the last subpacket of a given type of the
> same signature must be used? Or was this just a "should"?

I believe that it is guidance not a mandate.

        Jon


-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.6.3
Charset: US-ASCII

wj8DBQFJhz3IsTedWZOD3gYRApQOAJ4jpEc6kXSmxJ6XqjPDb7LSDauSHQCdGZ6P
5mScLGI8utg7++gHPgIFHXw=
=BPfz
-----END PGP SIGNATURE-----
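The two ambiguities discussed in this thread, conflicting key expiration times across several self-signatures and repeated subpackets of one type inside a single signature, come down to how an implementation walks the RFC 4880 subpacket area. The following is an added example, not code from the thread or from any OpenPGP implementation: it encodes and decodes subpacket areas per RFC 4880 section 5.2.3.1, keeps the last occurrence of a single-valued type (the SHOULD in section 5.2.4.1), prefers the most recent self-signature (section 5.2.3.3), and treats Preferred Key Server and Policy URI as multi-valued, which is this example's own choice. The self-signatures at the bottom are constructed for the example, signature verification is assumed to have already happened, and all names here are hypothetical.

```python
"""Resolve OpenPGP (RFC 4880) self-signature subpackets. Added example, not
from the thread or any OpenPGP implementation. Rules applied:
  * several self-signatures disagree on Key Expiration Time (type 9):
    prefer the most recent self-signature (RFC 4880 5.2.3.3);
  * one signature repeats a subpacket type: the last one wins (5.2.4.1,
    a SHOULD), except for types this example treats as multi-valued
    (Preferred Key Server 24, Policy URI 26), which are kept in order.
Inputs are assumed to be already-verified hashed subpacket areas."""
import struct
from typing import Dict, List, Optional, Tuple

SIG_CREATION_TIME = 2      # RFC 4880 5.2.3.4, 4-octet time
KEY_EXPIRATION_TIME = 9    # RFC 4880 5.2.3.6, seconds after key creation
PREFERRED_KEY_SERVER = 24  # RFC 4880 5.2.3.18, URI
POLICY_URI = 26            # RFC 4880 5.2.3.20, URI
MULTI_VALUED = {PREFERRED_KEY_SERVER, POLICY_URI}   # this example's choice


def encode_subpacket(sp_type: int, body: bytes, critical: bool = False) -> bytes:
    """Encode one subpacket with the length rules of RFC 4880 5.2.3.1."""
    length = len(body) + 1                      # type octet counts toward the length
    if length < 192:
        hdr = bytes([length])
    elif length < 8384:
        hdr = bytes([((length - 192) >> 8) + 192, (length - 192) & 0xFF])
    else:
        hdr = b"\xff" + struct.pack(">I", length)
    return hdr + bytes([sp_type | (0x80 if critical else 0)]) + body


def decode_subpackets(area: bytes) -> List[Tuple[int, bool, bytes]]:
    """Split a subpacket area (without its leading 2-octet count) into
    (type, critical flag, body), rejecting truncated or overlong entries."""
    out: List[Tuple[int, bool, bytes]] = []
    i, n = 0, len(area)
    while i < n:
        first = area[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            if i + 2 > n:
                raise ValueError("truncated two-octet subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:
            if i + 5 > n:
                raise ValueError("truncated five-octet subpacket length")
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length == 0 or i + length > n:
            raise ValueError("subpacket length runs past the end of the area")
        type_octet = area[i]
        out.append((type_octet & 0x7F, bool(type_octet & 0x80), area[i + 1:i + length]))
        i += length
    return out


def resolve_signature(area: bytes) -> Dict[int, object]:
    """Collapse one signature's subpackets: last occurrence wins for
    single-valued types; multi-valued types keep every occurrence in order."""
    resolved: Dict[int, object] = {}
    for sp_type, _critical, body in decode_subpackets(area):
        if sp_type in MULTI_VALUED:
            resolved.setdefault(sp_type, []).append(body.decode("utf-8"))
        else:
            resolved[sp_type] = body            # overwrites any earlier copy
    return resolved


def effective_key_expiry(key_created: int, self_sigs: List[bytes]) -> Optional[int]:
    """Absolute expiry (Unix seconds) implied by the most recent of the given
    self-signature areas, or None if that signature sets no expiration."""
    newest: Optional[Dict[int, object]] = None
    newest_created = -1
    for area in self_sigs:
        r = resolve_signature(area)
        if SIG_CREATION_TIME not in r:
            raise ValueError("self-signature lacks the mandatory creation time")
        created = struct.unpack(">I", r[SIG_CREATION_TIME])[0]
        if created > newest_created:
            newest, newest_created = r, created
    if newest is None or KEY_EXPIRATION_TIME not in newest:
        return None
    return key_created + struct.unpack(">I", newest[KEY_EXPIRATION_TIME])[0]


# --- constructed sample data: hashed subpacket areas of two self-signatures ---
DAY = 86400
KEY_CREATED = 1230768000                                  # 2009-01-01T00:00:00Z


def selfsig_area(created: int, *extra: bytes) -> bytes:
    return encode_subpacket(SIG_CREATION_TIME, struct.pack(">I", created)) + b"".join(extra)


SELF_SIG_OLD = selfsig_area(1232000000,                   # 2009-01-15
    encode_subpacket(KEY_EXPIRATION_TIME, struct.pack(">I", 30 * DAY)))
SELF_SIG_NEW = selfsig_area(1233000000,                   # 2009-01-26
    encode_subpacket(KEY_EXPIRATION_TIME, struct.pack(">I", 60 * DAY)),
    encode_subpacket(PREFERRED_KEY_SERVER, b"hkp://keys.example.com"),
    encode_subpacket(KEY_EXPIRATION_TIME, struct.pack(">I", 90 * DAY)),   # last wins
    encode_subpacket(PREFERRED_KEY_SERVER, b"hkp://keys.foobar.com"))

if __name__ == "__main__":
    print("expiry, old sig only :", effective_key_expiry(KEY_CREATED, [SELF_SIG_OLD]))
    print("expiry, both sigs    :", effective_key_expiry(KEY_CREATED, [SELF_SIG_NEW, SELF_SIG_OLD]))
    print("preferred key servers:", resolve_signature(SELF_SIG_NEW)[PREFERRED_KEY_SERVER])
```

With both signatures present the newer one is selected regardless of the order in which they are stored, and inside it the second Key Expiration Time subpacket (90 days) overrides the first, while both Preferred Key Server URIs survive. Real code must verify each self-signature against the primary key before trusting anything in its subpacket area, and because section 5.2.4.1 phrases the last-subpacket rule as a SHOULD with a MAY for other schemes, another implementation is free to resolve the same conflict differently, which is the "guidance not a mandate" point above.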