Re: [Sks-devel] 0xd5920e937cc1e39b shows signatures with 0xca57ad7c continuing?

[Jeffrey Johnson]

On May 31, 2012, at 1:58 AM, John Clizbe <address@hidden> wrote:

>> 
>> Why is crypto needed? It's a set of RFC 2440/4880 expired packets that
>> match a pubkey fingerprint that need to be dropped when retrieved: parsing
>> is needed but not crypto afaik.
> 
> Look at clean again, and by extension minimal. First thing is to determine if
> a sig is even valid. If it's invalid, we can auto-toss it. Then we can proceed
> with the /rest/ of the cleaning/minimizing. We're also removing unusable UIDs,
> so we need to validate the revocation sig on the UID.
> 

expired+duplicated might be tossed by parsing w/o validation: more
careful work would involve ensuring that a valid (but expired)
signature wasn't discarded leaving only a current (but invalid) signature.

73 de Jeff