Best practice for periodic key change?
Ingo Klöcker
kloecker at kde.org
Sat May 7 23:15:24 CEST 2011
On Saturday 07 May 2011, MFPA wrote:
> Hi
>
>
> On Friday 6 May 2011 at 10:18:29 PM, in
> <mid:BANLkTin2w8LJxYGHV3_5NpFbsiBhrP96XA at mail.gmail.com>, Jerome Baum
>
> wrote:
> >>> If my key expired yesterday, no-one can
> >>> forge a message with that key and claim it's from
> >>> today.
> >>
> >> Never heard of a system clock that was wrong?
> >
> > I'll give a summary reply here for everyone stating
> > it's still possible to make that signature. It's
> > possible if the master key is compromised. I was
> > assuming a sub-key with an expiration date.
>
> It is trivial to make that signature without compromising the master
> key.
>
> Suppose your master key is secure and offline but Mallory has control
> of your subkey that expired yesterday. Mallory can put their system
> clock back 24hrs to sign and send a message, and then truthfully
> claim the message was signed today. They can back up this claim with
> email headers and server logs demonstrating the clock discrepancy.
This explains why digital signatures with legally binding date often
(always?) require a timestamp by a certified third party.
Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20110507/03f29c1d/attachment-0001.pgp>
More information about the Gnupg-users
mailing list