Problem with faked-system-time option
jerome at jeromebaum.com
Mon Jun 13 22:19:18 CEST 2011
>>> Some people labour under the misapprehension that the
>>> signature time is significant and has potential legal
>> Why should that be a misapprehension?
> Because the signature time means nothing, unless there is
> corroboration. It is trivial to alter a system clock (or to use
> software to pass a different time to an app).
Yes, and it is trivial to write a fake date next to my signature. That
doesn't mean there are no legal implications. In fact, just as I can
commit fraud (under the right circumstances) by writing that fake date
on a piece of paper, I can commit fraud by using a fake time-stamp in
an OpenPGP signature.
Let's summarize: The signature time has potential legal implications.
email jerome at jeromebaum.com
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
More information about the Gnupg-users