Re: Whither the 0x40 timestamp signature?

[Florian Weimer <fw@xxxxxxxxxxxxx>]

Lutz Donnerhacke <lutz@xxxxxxxxxxx> writes:

> I do have an application for this type of signature without providing the
> full meaning of notary (0x50) signatures.
>
> There is a full blown enviroment which requires timestamping at users end
> without involving a real notary timestamping service. The German signature
> law contains a protocol error in proofing signatures of withdrawn keys. The
> only sound solution requires an additional timestamp of every signature. The
> law assumes that the sender is responsible for providing the timestamp.

SigG/SigV conformance of OpenPGP applications is not going to happen
(and is not even desirable IMHO).

RFC 2440bis should simply state that there are a few flags for which
future RFCs may specify semantics.  Consensus on this list seems to be
that RFC 2440bis should remain a format spec, and signature semantics
would clearly be beyond its scope.

-- 
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: atlas.cz, bigpond.com, postino.it, tiscali.co.uk,
tiscali.cz, tiscali.it, voila.fr.