Problem with faked-system-time option
jerome at jeromebaum.com
Tue Jun 14 00:09:31 CEST 2011
>> Yes, and it is trivial to write a fake date next to my
>> signature. That doesn't mean there are no legal
>> implications. In fact, just as I can commit fraud
>> (under the right circumstances) by writing that fake
>> date on a piece of paper, I can commit fraud by using a
>> fake time-stamp in an OpenPGP signature.
> Commit fraud, or make a trivial error...
Right. I can also be mistaken when dating my signature. As I said, it
depends on the circumstances. Even if I purposely lie about the date,
if there's no damage it's not fraud. So I agree with your point about
not relying on the signature date, which necessarily includes the date
of a digital signature. That doesn't mean you should entirely ignore
it either -- sounds a bit "black and white", doesn't it? The date is
an indicator, nothing more, but also nothing less.
>> Let's summarize: The signature time has potential legal
> Fair enough. But, as you illustrate above, it is trivial for a
> signature date/time to be incorrect. Therefore it is potentially
> unsafe to rely on them as being correct.
No-one said you should rely on that. Just as you shouldn't rely solely
on the date next to a signature. Anyone can lie.
email jerome at jeromebaum.com
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
More information about the Gnupg-users