0.9.0 expiration date: does not work
Tim Walberg
walberg at cig.mot.com
Thu Jan 7 09:20:48 CET 1999
On 01/07/1999 00:16 +0100, Marco d'Itri wrote:
>> On Jan 06, David Hayes <david at hayes-family.org> wrote:
>> >NO ERROR AT ALL for:
>> > verifying a signature of an expired key where the key had
>> > not expired at the time the signature was created.
>> The signer can easily alter the clock of his computer.
>>
Yes, but with that in mind, the whole idea of expiring keys and
trying to enforce or warn about their expiry is kinda moot anyway,
because if I'm gonna change my systems clock, I might as well change
it back to before the key even expired. I don't think that changing
the system time is really an eventuality we need to worry about -
possible (albeit infeasible) solutions would be to query a "known
true" clock on the net somewhere to determine the current time
(rather than calling time() et. al.), but even that can be rigged.
tw
--
+--------------------------------------+------------------------------------+
| Tim Walberg | Phone: (847) 632-3407 |
| Motorola CE/ITS | Pager: (800) SKY-TEL2 PIN:1384689 |
| 1475 W Shure Dr. IL75-2H14 | FAX: (847) 632-5769 |
| Arlington Heights, IL 60004 | |
+--------------------------------------+------------------------------------+
| http://www.cig.mot.com/~walberg | E-mail: walberg at cig.mot.com, |
| http://www.skytel.com/Paging (pager) | 1384689 at skytel.com (pager) |
+--------------------------------------+------------------------------------+
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 256 bytes
Desc: not available
Url : /pipermail/attachments/19990107/92c84db0/attachment.bin
More information about the Gnupg-devel
mailing list