Best practice for periodic key change?

Grant Olson kgo at grant-olson.net
Sat May 7 04:33:17 CEST 2011


On 5/6/2011 10:05 PM, Hauke Laging wrote:
> 
> Several people have mentioned that a signature does not become invalid by 
> expiration of the key. That is formally correct and describes the GnuPG 
> behaviour. But with regard to content in such a case there has to be an 
> additional proof that the signature has been made before the key expired. This 
> is a formal rule in e.g. the German signature law. If you want to use legally 
> accepted signatures for proving documents then you have to sign both the 
> document and the old signature by a new key (i.e. one with a later expiration 
> date) before the old key expires.
> 

I know nothing about German laws, but that just doesn't sound right to me.

1) I digitally sign a document saying I owe you money.  The signing key
has an expiration date.

2) Key expires.  I do nothing.

3) The original document is invalidated.  I no longer owe you money?


More information about the Gnupg-users mailing list