Best practice for periodic key change?
jerome at jeromebaum.com
Sat May 7 23:22:33 CEST 2011
2011/5/7 MFPA <expires2011 at ymail.com>
> On Saturday 7 May 2011 at 9:56:14 PM, in
> <mid:201105072256.15008 at thufir.ingo-kloecker.de>, Ingo Klöcker wrote:
> > It depends on your definition of "valid". In my book a
> > signature can only be valid if the corresponding key
> > is valid. Expired keys are not valid (anymore).
> I thought a key was incapable of making signatures with timestamps
> beyond its expiry time but could still be used to verify signatures
> that already existed.
Definitely. I get his point about rejecting them entirely though, as it is
(and that's what this dicussion is all about) difficult to verify the
(actual) signature time.
email jerome at jeromebaum.com
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnupg-users