Certs by a revoked key

David Shaw dshaw@jabberwocky.com
Sun Feb 23 15:03:01 2003

On Sun, Feb 23, 2003 at 12:32:35PM +0100, Erwan David wrote:
> Le Sun 23/02/2003, Jan Niehusmann disait
> > On Fri, Feb 21, 2003 at 07:21:51AM -0500, David Shaw wrote:
> > > No, because unless you are talking about a very special use where the
> > > sender and receiver have rigidly controlled clocks and nobody else can
> > > participate, there is no way to tell whether the "old signatures"
> > > predate the revocation or not.
> > 
> > But that's exactly what I said: Because we don't know if a signature was
> > made before or after the revocation, we should assume all signatures
> > from made with a revoked key as invalid. Or at least give a big
> > warning. And for certs, we should not use them in trust calculation.
> so that's a poin in which S/MIME pkcs#7 are better, since signature
> contains a (signed) signing time...

No, they are the same.  PGP signatures contain a signed signing time
as well.  In both cases, the signing time is only as reliable as the
signer's clock.


   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson