Best practice for periodic key change?

MFPA expires2011 at ymail.com
Sat May 7 00:40:25 CEST 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Friday 6 May 2011 at 10:18:29 PM, in
<mid:BANLkTin2w8LJxYGHV3_5NpFbsiBhrP96XA at mail.gmail.com>, Jerome Baum
wrote:


>>> If my key expired yesterday, no-one can
>>> forge a message with that key and claim it's from
>>> today.

>> Never heard of a system clock that was wrong?

> I'll give a summary reply here for everyone stating
> it's still possible to make that signature. It's
> possible if the master key is compromised. I was
> assuming a sub-key with an expiration date.


It is trivial to make that signature without compromising the master
key.

Suppose your master key is secure and offline but Mallory has control
of your subkey that expired yesterday. Mallory can put their system
clock back 24hrs to sign and send a message, and then truthfully claim
the message was signed today. They can back up this claim with email
headers and server logs demonstrating the clock discrepancy.

Maybe implausible but definitely trivial.


- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

Ultimate consistency lies in being consistently inconsistent
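Added example, not part of the original message or of GnuPG: a receiving-side check that compares the creation time claimed inside a signature with a timestamp the signer does not control, here the topmost Received header written by the recipient's own mail server. The sample message, host names, times and the assess() helper are constructed for illustration, and the caller is assumed to have obtained the signature creation time and subkey expiry from its OpenPGP verifier.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: the sender-side timestamps say 6 May, our own MTA saw it on 7 May.
SAMPLE = """\
Received: from mail.sender.example by mx.recipient.example; Sat, 7 May 2011 00:41:02 +0200
Received: from [192.0.2.10] by mail.sender.example; Fri, 6 May 2011 00:40:30 +0200
Date: Fri, 6 May 2011 00:40:25 +0200
From: alice@sender.example
Subject: test

body
"""
# Constructed values standing in for what an OpenPGP verifier would report.
KEY_EXPIRES = datetime(2011, 5, 6, 12, 0, tzinfo=timezone.utc)
SIG_CLAIMED = datetime(2011, 5, 5, 22, 40, 25, tzinfo=timezone.utc)


def trusted_receipt_time(raw):
    """Time from the topmost Received header, the one our own server added."""
    received = message_from_string(raw).get_all("Received") or []
    if not received or ";" not in received[0]:
        return None
    return parsedate_to_datetime(received[0].rsplit(";", 1)[1].strip())


def assess(sig_created, key_expires, raw, max_transit=timedelta(hours=1)):
    """Judge a signature against a clock the signer cannot set."""
    if sig_created >= key_expires:
        return "reject-expired"      # the signer's own clock already gives it away
    seen = trusted_receipt_time(raw)
    if seen is None:
        return "unverifiable"        # nothing independent to compare against
    if seen >= key_expires:
        return "suspect-backdated"   # claims pre-expiry, first seen after expiry
    if seen - sig_created > max_transit:
        return "suspect-delay"       # unusually old signature, worth a second look
    return "ok"


if __name__ == "__main__":
    print(assess(SIG_CLAIMED, KEY_EXPIRES, SAMPLE))
```

The signature's embedded time passes a plain expiry check; only the independent receipt time shows that the message first appeared after the subkey had expired.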




More information about the Gnupg-users mailing list