[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How do I do this with OpenPGP?

To: hal@xxxxxxxxxx
Subject: Re: How do I do this with OpenPGP?
From: john.dlugosz@xxxxxxxxx
Date: Tue, 7 May 2002 17:16:26 -0500
Cc: ietf-openpgp@xxxxxxx
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx
Sensitivity:


From: John Dlugosz

Thanks, Hal.

Is Trent's signature on the key itself or on a UserID?

It seems that either has semantic implications, but what do existing
general-purpose tools do?  I like the latter for my application.

What's the relationship between the "Trust signature" key subpacket, and
using key types 0x11-0x13?

--John





"Hal Finney" <hal@xxxxxxxxxx> on 05-07-2002 04:56:25 PM

To:    ietf-openpgp@xxxxxxx, john.dlugosz@xxxxxxxxx
cc:
Subject:    Re: How do I do this with OpenPGP?


You should use the signature expiration time subpacket, in Trent's
signature on the key.

Hal

> From: John Dlugosz
>
> One of the nice things about OpenPGP is that multiple signatories are
> possible on a key, each "meaning" something.  Basically, it trent signs a
> key, it's OK with me for (purpose A), and the fact that Carl signed it
too
> for some other purpose is beside the point.
>
> But, I want Trent to be able to certify a key for a certain time period.
> Tag 2, type 0x10-0x13 doesn't contain a date.  I suppose there's a more
> complicated way to do this, though?  type 0x1F says "...for statements
that
> non-self certifiers want to make about the key itself" so maybe something
> in there?  Or certifing one of the (time range) subkeys instead of the
main
> key?
>
> Anyone?

Prev by Date: Re: How do I do this with OpenPGP?
Next by Date: Re: How do I do this with OpenPGP?
Previous by thread: Re: How do I do this with OpenPGP?
Next by thread: Re: How do I do this with OpenPGP?
Index(es):
- Date
- Thread