Proof for a creation date
Andrew Gallagher
andrewg at andrewg.com
Wed Dec 7 00:27:08 CET 2016
I don't see any reason why it couldn't be done in principle - anyone who wants could set up an "authority" that produces a regular, signed list of all the certificates it currently trusts at each point in time. The trick is a) making sure that revocations get submitted to the authority in a timely fashion and b) working out whether to trust the authority in the first place. But that's a problem in OCSP too.
In general, anything you can do in the X509 trust model you can do in PGP - but with a little more effort and a lot fewer default assumptions.
Andrew Gallagher
> On 6 Dec 2016, at 22:57, NdK <ndk.clanbo at gmail.com> wrote:
>
> Il 06/12/2016 23:14, Andrew Gallagher ha scritto:
>
>>> That could actually reduce trust in any PGP signature, unless there's a
>>> way to timestamp 'something' that says "as of 'now' this key have not
>>> been revoked". Ideally that attestation should be included with the signature itself
>> So, essentially OCSP?
> That's the idea, but in GPG trust model... Is it possible?
>
> BYtE,
> Diego
>
More information about the Gnupg-users
mailing list