Best practice for periodic key change?
kgo at grant-olson.net
Sat May 7 22:31:34 CEST 2011
On 5/7/2011 7:54 AM, Hauke Laging wrote:
> On Saturday, 7 May 2011, 04:33:17, Grant Olson wrote:
>> 1) I digitally sign a document saying I owe you money. The signing key
>> has an expiration date.
>> 2) Key expires. I do nothing.
>> 3) The original document is invalidated. I no longer owe you money?
> Whether you owe me money does not depend on signing any documents in general.
> :-) Documents are usually just a proof.
> You can still claim that somebody owes you money but the document does not
> have the same legal value. What courts decide is another question...
Yes, of course.
> But the fiscal authorities don't accept digital bills (probably the most
> frequent use of legally qualified signatures here) which are signed by expired
> keys only. You need a chain of signatures which prove that there was a
> non-expired signature at any point in time.
> For the same reason it makes sense to have digitally signed documents signed
> by another key (not just the document but the document together with the
> signature) at once when you get them. Because you cannot know whether and if a
> key will be revoked in the future. The moment it is revoked and you cannot
> prove that the signatures are older than the revocation, all signatures are dead.
Okay, now I understand. It sounds like you're talking about something like a
digital notarization. That makes sense now.
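The countersignature chain Hauke describes, as an added illustration that is not code from this thread or from GnuPG: a real signature is stood in for by HMAC-SHA256 with constructed per-signer secrets, timestamps are plain integers, and the revocation times are assumed to come from a trusted source such as a revocation certificate. Each link signs the document together with every earlier signature, so a link made by a key that is still valid proves how old the earlier links are.

```python
import hashlib
import hmac
import json

# Constructed per-signer secrets standing in for OpenPGP private keys.
SECRETS = {"alice": b"alice-secret", "archive": b"archive-secret"}


def _covered(data, chain):
    """Bytes the next link signs: the document plus every earlier signature."""
    return data + b"".join(json.dumps(s, sort_keys=True).encode() for s in chain)


def _mac(signer, ts, covered):
    # Stand-in for a signature: HMAC over the claimed time and the covered bytes.
    return hmac.new(SECRETS[signer], ts.to_bytes(8, "big") + covered,
                    hashlib.sha256).hexdigest()


def add_link(signer, data, chain, ts):
    """Append a signature by signer over the document and all previous links."""
    sig = {"signer": signer, "ts": ts, "mac": _mac(signer, ts, _covered(data, chain))}
    return chain + [sig]


def verify_chain(data, chain, revoked):
    """revoked maps signer -> revocation time (assumed to come from a trusted
    source). Link i is acceptable when its MAC checks and, if its key was
    revoked, link i+1 carries a time earlier than that revocation. The claimed
    time of a revoked key's own signature is not trusted; only the later link,
    validated on the next iteration, establishes how old the signature is."""
    for i, sig in enumerate(chain):
        expected = _mac(sig["signer"], sig["ts"], _covered(data, chain[:i]))
        if not hmac.compare_digest(sig["mac"], expected):
            return False
        revoked_at = revoked.get(sig["signer"])
        if revoked_at is not None:
            if i + 1 >= len(chain) or chain[i + 1]["ts"] >= revoked_at:
                return False  # no proof the signature predates the revocation
    return True


if __name__ == "__main__":
    iou = b"constructed IOU: alice owes hauke 100 EUR"
    plain = add_link("alice", iou, [], 1000)
    archived = add_link("archive", iou, plain, 1001)  # countersigned on receipt
    after_revocation = {"alice": 2000}
    print("plain signature after revocation:", verify_chain(iou, plain, after_revocation))
    print("archived copy after revocation:  ", verify_chain(iou, archived, after_revocation))
```

The plain signature becomes unverifiable once alice's key is revoked, while the copy countersigned by the archive key on receipt still verifies; a countersignature added only after the revocation does not help.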