Best practice for periodic key change?
Jerome Baum
jerome at jeromebaum.com
Fri May 6 23:18:29 CEST 2011
On Fri, May 6, 2011 at 23:07, MFPA <expires2011 at ymail.com> wrote:
> On Friday 6 May 2011 at 9:48:26 PM, in
> <mid:BANLkTim3-DgY2NGVETevfJsXng8M5C2t0g at mail.gmail.com>, Jerome Baum
> wrote:
>
>
> > If my key expired yesterday, no-one can
> > forge a message with that key and claim it's from
> > today.
>
>
> Never heard of a system clock that was wrong?
I'll give a summary reply here for everyone stating it's still possible to
make that signature. It's possible if the master key is compromised. I was
assuming a sub-key with an expiration date. I haven't checked, but I pray
that sub-key expiration dates are signed with the master key. That sub-key,
by the way, was also the original context where I mentioned the forgery.
--
Jerome Baum
tel +49-1578-8434336
email jerome at jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
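
The open question in the message above, whether a sub-key's expiration is covered by the master key's signature, can be checked against the packet format; the following is an added example, not part of the original message and not GnuPG code. It assumes the RFC 4880 v4 signature layout, where the Key Expiration Time subpacket of a subkey binding signature is only protected when it sits in the hashed subpacket area; the sample packets are constructed, all function names are hypothetical, and no cryptographic verification is done.

```python
# Added example: layout follows RFC 4880 section 5.2.3 (v4 signature packets).
SUBKEY_BINDING = 0x18        # signature the primary key makes over a subkey
KEY_EXPIRATION_TIME = 9      # subpacket: seconds after key creation, 4 octets

def subpackets(area):
    """Return [(type, body), ...] for one subpacket area."""
    out, i = [], 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            length = ((first - 192) << 8) + int.from_bytes(area[i + 1:i + 2], "big") + 192
            i += 2
        else:                                # five-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated subpacket")
        out.append((area[i] & 0x7F, area[i + 1:i + length]))  # drop critical bit
        i += length
    return out

def split_areas(body):
    """Return (sig_type, hashed_subpackets, unhashed_subpackets)."""
    if len(body) < 8 or body[0] != 4:
        raise ValueError("not a v4 signature packet body")
    hlen = int.from_bytes(body[4:6], "big")
    ustart = 6 + hlen
    ulen = int.from_bytes(body[ustart:ustart + 2], "big")
    if ustart + 2 + ulen > len(body):
        raise ValueError("truncated signature packet")
    return body[1], subpackets(body[6:ustart]), subpackets(body[ustart + 2:ustart + 2 + ulen])

def signed_subkey_lifetime(body):
    """Lifetime in seconds taken only from the hashed (signed) area, else None."""
    sig_type, hashed, _unhashed = split_areas(body)
    if sig_type != SUBKEY_BINDING:
        raise ValueError("not a subkey binding signature")
    for sp_type, data in hashed:
        if sp_type == KEY_EXPIRATION_TIME and len(data) == 4:
            return int.from_bytes(data, "big")
    return None

def build_sample(hashed, unhashed):
    """Constructed packet body: RSA/SHA-256 ids, dummy hash prefix, no real MPIs."""
    return (bytes([4, SUBKEY_BINDING, 1, 8]) + len(hashed).to_bytes(2, "big") + hashed
            + len(unhashed).to_bytes(2, "big") + unhashed + b"\x00\x00")

EXPIRY = bytes([5, KEY_EXPIRATION_TIME]) + (365 * 86400).to_bytes(4, "big")
CREATED = bytes([5, 2]) + (1304715509).to_bytes(4, "big")   # constructed creation time
SIGNED = build_sample(CREATED + EXPIRY, b"")
UNSIGNED = build_sample(CREATED, EXPIRY)      # expiry only in the unhashed area
```

An expiry that appears only in the unhashed area is reported as absent, because anyone can rewrite that area without invalidating the primary key's signature.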