ietf-openpgp
[Top] [All Lists]

Re: [openpgp] How to re-launch the OpenPGP WG

2015-03-19 13:11:12
On Thu, 2015-03-19 at 14:00 -0400, Benjamin Kaduk wrote: 
What happens when the policy listed at the policy URL changes?  It seems
that a local resource would be needed.
Well first, the different signature levels (if they rely on a policy
document, which they effectively do due to their vague definition)
wouldn't help you in such case either.

Second, it's IMHO in the responsibility of the signer to keep the old
policies available, of course it wouldn't be enough for the URL to just
contain the key ID... (it would need at least the valid from / through
dates and probably more values like signing key finger print and more...
or even better a hash on the signature packet).


Cheers,
Chris 

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp