Best practice for periodic key change?

MFPA expires2011 at ymail.com
Sat May 7 01:43:40 CEST 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Saturday 7 May 2011 at 12:11:06 AM, in
<mid:BANLkTimNq9nxpf23=pE2n0rR1sTnH3Aicw at mail.gmail.com>, Jerome Baum
wrote:


> Actually let me put this in context so you see what I
> mean.

I already see what you mean; I just happen to disagree. (-;



> Say my sub-key expired yesterday. Today, you come
> up to me and ask me to sign something (say, a statement
> that I agree to specific contractual terms). Whoever is
> in possession of my sub-key cannot sign that document
> as at the time that the statement was made available to
> me for signing, the sub-key was already invalid.

The timestamp of the signature proves nothing. It is merely the time
on the system clock when the signature was made. The system clock may
be correct or incorrect; in your scenario above, it looks like you set
it deliberately a day behind in an attempt to generate plausible
deniability for your signature.


- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

Ultimate consistency lies in being consistently inconsistent
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
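
The point discussed in the message above, that the creation time in an OpenPGP signature is a value written by the signer's software, shown as an added example that is not part of the original message. It reads the creation-time subpacket from a version 4 signature packet body (RFC 4880 layout) and classifies what a verifier can conclude about expiry; the sample packet body, the epoch values, the function names and `first_seen` (a time the verifier recorded independently) are assumptions.

```python
import struct

def creation_time(sig_body: bytes) -> int:
    """Return the signer-asserted creation time (Unix seconds) from a
    version 4 OpenPGP signature packet body (RFC 4880, section 5.2.3)."""
    if sig_body[0] != 4:
        raise ValueError("only version 4 signature packets are handled")
    (hashed_len,) = struct.unpack(">H", sig_body[4:6])
    area, i = sig_body[6:6 + hashed_len], 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet subpacket length
            length, i = first, i + 1
        elif first < 255:                    # two-octet subpacket length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # 0xFF, then four-octet length
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        subtype = area[i] & 0x7F             # high bit is the "critical" flag
        if subtype == 2:                     # signature creation time
            return struct.unpack(">I", area[i + 1:i + length])[0]
        i += length                          # length counts the type octet
    raise ValueError("no creation time subpacket in hashed area")

def sample_body(claimed: int) -> bytes:
    """Constructed sample, not a valid signature: v4, text signature, RSA,
    SHA512, one hashed subpacket (creation time), no MPIs."""
    sub = bytes([5, 2]) + struct.pack(">I", claimed)
    return (bytes([4, 1, 1, 10]) + struct.pack(">H", len(sub)) + sub
            + b"\x00\x00" + b"\x00\x00")     # empty unhashed area, hash prefix

def signing_time_evidence(claimed: int, key_expiry: int, first_seen: int) -> str:
    """What the verifier can conclude about 'signed before the key expired'.
    first_seen is assumed to come from a clock the signer does not control."""
    if first_seen <= key_expiry:
        return "existed-before-expiry"       # independent evidence
    if claimed < key_expiry:
        return "unverifiable-claim"          # rests only on the signer's clock
    return "claimed-after-expiry"

if __name__ == "__main__":
    expiry = 1304640000                      # constructed epoch values
    body = sample_body(expiry - 3600)        # claims one hour before expiry
    print(signing_time_evidence(creation_time(body), expiry, expiry + 86400))
```
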




More information about the Gnupg-users mailing list