gpgsm and expired certificates

Peter Lebbing peter at digitalbrains.com
Sat Nov 2 20:20:28 CET 2013


On 02/11/13 19:48, Uwe Brauer wrote:
> So either you claim to have evidence that these modules have been hacked
> and the key pair is transferred to some of these evil organisations or I
> really don't see your point.

I think the most common way for an X.509 CA to be deceitful is by giving someone
else a certificate with your name on it, not by stealing your key.

Then I would be under the impression I was holding an encrypted and signed
conversation with /you/, but I would be talking to the well-funded attacker that
got the false certificate. That attacker could then re-encrypt and send it on to
you, to be a man in the middle.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


