(bug?) Revoked keys and past signatures
Kristian Fiskerstrand
kristian.fiskerstrand at sumptuouscapital.com
Tue Feb 10 13:30:28 CET 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 02/10/2015 01:24 PM, Peter Lebbing wrote:
> On 10/02/15 12:52, Kristian Fiskerstrand wrote:
>> No, the signature is still valid:
>>
>
> Why? The key was revoked because it was superseded or has been
> retired, not because it was stolen or compromised.
>
Unless you rely on a trusted third party to provide signature stamps,
signature dates can be forged. A key revocation should result in
immediate questioning of all aspects of the key, as it currently does.
- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Dura necessitas
Necessity is harsh
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCgAGBQJU2fndAAoJEP7VAChXwav6LSwH/ihbdKxXt7NneEjwvSnu/HtP
DJE1ihJB6z+AGe2Z8LR/YkEuvDKcxPbskmjbkVA7+7f4AX+R4pPeZBdgcpt/9SsL
06GzOeHyjkPS3tvKaJ9jHFJWXg3Vkd2++Q8+Awguh0zp+MrN/Np8b/esDsUHOLs7
qPHt0NCc7NveX8HgcS81dZkV1W6Ke1u4HijVw2TkgNuP7qRDlbTMHbrkcp96FxOq
bGzVhwjHpQTEuTMnuBq1KL7hl1iATihfeMg/DtLcRXPiMvYGGSomdj9U1RcfbVCL
exVNnwBkNzMXy9NGqtTzmZCXuUbtoP65oHmgz0wFzWftA/N8j2/E2yofcMoDJQQ=
=F1PH
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list