Best practice for periodic key change?
expires2011 at ymail.com
Sat May 7 01:43:40 CEST 2011
-----BEGIN PGP SIGNED MESSAGE-----
On Saturday 7 May 2011 at 12:11:06 AM, in
<mid:BANLkTimNq9nxpf23=pE2n0rR1sTnH3Aicw at mail.gmail.com>, Jerome Baum
> Actually let me put this in context so you see what I
I already see what you mean; I just happen to disagree. (-;
> Say my sub-key expired yesterday. Today, you come
> up to me and ask me to sign something (say, a statement
> that I agree to specific contractual terms). Whoever is
> in possession of my sub-key cannot sign that document
> as at the time that the statement was made available to
> me for signing, the sub-key was already invalid.
The timestamp of the signature proves nothing. It is merely the time
on the system clock when the signature was made. The system clock may
be correct or incorrect; in your scenario above, it looks like you set
it deliberately a day behind in an attempt to generate plausible
deniability for your signature.
MFPA mailto:expires2011 at ymail.com
Ultimate consistency lies in being consistently inconsistent
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users