Proof for a creation date

Andrew Gallagher andrewg at
Wed Dec 7 00:27:08 CET 2016

I don't see any reason why it couldn't be done in principle - anyone who wants could set up an "authority" that produces a regular, signed list of all the certificates it currently trusts at each point in time. The trick is a) making sure that revocations get submitted to the authority in a timely fashion and b) working out whether to trust the authority in the first place. But that's a problem in OCSP too. 

In general, anything you can do in the X509 trust model you can do in PGP - but with a little more effort and a lot fewer default assumptions. 

Andrew Gallagher

> On 6 Dec 2016, at 22:57, NdK <ndk.clanbo at> wrote:
> Il 06/12/2016 23:14, Andrew Gallagher ha scritto:
>>> That could actually reduce trust in any PGP signature, unless there's a
>>> way to timestamp 'something' that says "as of 'now' this key have not
>>> been revoked". Ideally that attestation should be included with the signature itself
>> So, essentially OCSP?
> That's the idea, but in GPG trust model... Is it possible?
> BYtE,
> Diego

More information about the Gnupg-users mailing list