Certs by a revoked key
Jan Niehusmann
jan@gondor.com
Sun Feb 23 11:37:01 2003
On Fri, Feb 21, 2003 at 07:21:51AM -0500, David Shaw wrote:
> No, because unless you are talking about a very special use where the
> sender and receiver have rigidly controlled clocks and nobody else can
> participate, there is no way to tell whether the "old signatures"
> predate the revocation or not.
But that's exactly what I said: Because we don't know if a signature was
made before or after the revocation, we should assume all signatures
made with a revoked key as invalid. Or at least give a big
warning. And for certs, we should not use them in trust calculation.
Jan