Best practice for periodic key change?

Jerome Baum jerome at
Fri May 6 23:18:29 CEST 2011

On Fri, May 6, 2011 at 23:07, MFPA <expires2011 at> wrote:

> On Friday 6 May 2011 at 9:48:26 PM, in
> <mid:BANLkTim3-DgY2NGVETevfJsXng8M5C2t0g at>, Jerome Baum
> wrote:
> > If my key expired yesterday, no-one can
> > forge a message with that key and claim it's from
> > today.
> Never heard of a system clock that was wrong?

I'll give a summary reply here for everyone stating it's still possible to
make that signature. It's possible if the master key is compromised. I was
assuming a sub-key with an expiration date. I haven't checked, but I pray
that sub-key expiration dates are signed with the master key. That sub-key,
by the way, was also the original context where I mentioned the forgery.

Jerome Baum

tel +49-1578-8434336
email jerome at
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20110506/fd101992/attachment.htm>

More information about the Gnupg-users mailing list