[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: How do I do this with OpenPGP?
On Tue, May 07, 2002 at 04:29:53PM -0500, john.dlugosz@xxxxxxxxx wrote:
>
> From: John Dlugosz
>
> One of the nice things about OpenPGP is that multiple signatories are
> possible on a key, each "meaning" something. Basically, it trent signs a
> key, it's OK with me for (purpose A), and the fact that Carl signed it too
> for some other purpose is beside the point.
>
> But, I want Trent to be able to certify a key for a certain time period.
> Tag 2, type 0x10-0x13 doesn't contain a date. I suppose there's a more
> complicated way to do this, though? type 0x1F says "...for statements that
> non-self certifiers want to make about the key itself" so maybe something
> in there? Or certifing one of the (time range) subkeys instead of the main
> key?
I think you are looking for section 5.2.3.10: Signature expiration
time. Or if the key belongs to Trent's and he wants to make the whole
key go away after a while, then section 5.2.3.6: Key expiration time.
David
--
David Shaw | dshaw@xxxxxxxxxxxxxxx | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson