Certs by a revoked key

David Shaw dshaw@jabberwocky.com
Sun Feb 23 15:02:01 2003

On Sun, Feb 23, 2003 at 11:38:34AM +0100, Jan Niehusmann wrote:
> On Fri, Feb 21, 2003 at 07:21:51AM -0500, David Shaw wrote:
> > No, because unless you are talking about a very special use where the
> > sender and receiver have rigidly controlled clocks and nobody else can
> > participate, there is no way to tell whether the "old signatures"
> > predate the revocation or not.
> But that's exactly what I said: Because we don't know if a signature was
> made before or after the revocation, we should assume all signatures
> from made with a revoked key as invalid. Or at least give a big
> warning. And for certs, we should not use them in trust calculation.

I'm sorry - perhaps I misunderstood your point.  GnuPG doesn't use
signatures from revoked keys in trust calculations.


   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson