Best practice for periodic key change?
Jerome Baum
jerome at jeromebaum.com
Sat May 7 01:11:06 CEST 2011
On Sat, May 7, 2011 at 01:01, Jerome Baum <jerome at jeromebaum.com> wrote:
> Okay, let me rephrase that. "claim it's from today" should have been "have
> the signature date as today". That's how I would interpret such a claim.
> Email headers don't really make a difference -- they would have signed it
> yesterday and sent it today, but the message is still from yesterday.
>
Actually let me put this in context so you see what I mean. Say my sub-key
expired yesterday. Today, you come up to me and ask me to sign something
(say, a statement that I agree to specific contractual terms). Whoever is in
possession of my sub-key cannot sign that document as at the time that the
statement was made available to me for signing, the sub-key was already
invalid.
--
Jerome Baum
tel +49-1578-8434336
email jerome at jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20110507/1515ca7c/attachment.htm>
More information about the Gnupg-users
mailing list