Best practice for periodic key change?

Jerome Baum jerome at
Sat May 7 23:21:17 CEST 2011

2011/5/7 Ingo Klöcker <kloecker at>

> This explains why digital signatures with legally binding date often
> (always?) require a timestamp by a certified third party.

Not always (every statement of intent is binding, even w/out a notary), but
e.g. over here (Germany) for a digital signature to reach a certain level of
documentation, you will need a certification on the signature date -- even
if the date isn't important, the certification is there to confirm the key
was valid at the (actual) time of signing. BTW, the laws here enforce the
keys to have an expiration date to reach that level.

On digital signatures being legally binding, apparently a scanned bitmap of
your signature is enough to be "binding" (as would be no signature), just
that it isn't very strong documentation.

Jerome Baum

tel +49-1578-8434336
email jerome at
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20110507/519bc1f4/attachment.htm>

More information about the Gnupg-users mailing list