Certs by a revoked key
David Shaw
dshaw@jabberwocky.com
Sun Feb 23 15:02:01 2003
On Sun, Feb 23, 2003 at 11:38:34AM +0100, Jan Niehusmann wrote:
> On Fri, Feb 21, 2003 at 07:21:51AM -0500, David Shaw wrote:
> > No, because unless you are talking about a very special use where the
> > sender and receiver have rigidly controlled clocks and nobody else can
> > participate, there is no way to tell whether the "old signatures"
> > predate the revocation or not.
>
> But that's exactly what I said: Because we don't know if a signature was
> made before or after the revocation, we should assume all signatures
> made with a revoked key as invalid. Or at least give a big
> warning. And for certs, we should not use them in trust calculation.
I'm sorry - perhaps I misunderstood your point. GnuPG doesn't use
signatures from revoked keys in trust calculations.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
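
The policy discussed in this thread, as a simplified model added here (not GnuPG's code and not posted by either participant): certifications are filtered by whether the signing key is revoked, not by the creation time they claim. The key names, timestamps and ownertrust values are constructed, and the model assumes a single validation step in which every certifier's own key is already valid.

```python
from dataclasses import dataclass

COMPLETES_NEEDED = 1   # GnuPG's default --completes-needed
MARGINALS_NEEDED = 3   # GnuPG's default --marginals-needed

@dataclass(frozen=True)
class Cert:
    signer: str
    subject: str
    claimed_time: int  # written by whoever holds the signing key

def by_timestamp(cert, revoked_at):
    """Naive policy: accept certs whose claimed time predates the revocation."""
    t = revoked_at.get(cert.signer)
    return t is None or cert.claimed_time < t

def by_signer(cert, revoked_at):
    """Policy from the thread: ignore every cert made by a revoked key."""
    return cert.signer not in revoked_at

def is_valid(subject, certs, ownertrust, revoked_at, policy):
    """One validation step: count distinct trusted certifiers of subject."""
    signers = {c.signer for c in certs
               if c.subject == subject and policy(c, revoked_at)}
    full = sum(ownertrust.get(s) == "full" for s in signers)
    marginal = sum(ownertrust.get(s) == "marginal" for s in signers)
    return full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED

# Constructed sample data (not from the thread).
OWNERTRUST = {"alice": "full", "bob": "marginal", "carol": "marginal"}
REVOKED_AT = {"alice": 1_045_000_000}  # alice's key was revoked at this time
CERTS = [
    Cert("alice", "dave", 1_040_000_000),     # claims to predate the revocation
    Cert("alice", "mallory", 1_040_000_000),  # same claim; cannot be verified
    Cert("bob", "dave", 1_046_000_000),
    Cert("carol", "dave", 1_046_000_000),
]

if __name__ == "__main__":
    for subject in ("dave", "mallory"):
        for policy in (by_timestamp, by_signer):
            print(subject, policy.__name__,
                  is_valid(subject, CERTS, OWNERTRUST, REVOKED_AT, policy))
```

Under the timestamp policy both keys validate on the strength of the revoked key's certification; under the signer policy neither does, and `dave` is left with only two marginal certifiers.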