Certification-only key

Peter Lebbing peter at digitalbrains.com
Fri Jun 2 19:25:31 CEST 2017


On 02/06/17 17:03, Andrew Gallagher wrote:
> intentionally publishing secret material - even for
> revoked keys - runs the risk of your correspondents getting scammed
> during the refresh interval.

Note that this related to an *expired* subkey. If people wouldn't update
their keyrings (which they indeed would not, probably), it would still
correctly be expired.

I did later realize that if somebody used a timestamping service to
timestamp a document you signed, you would have to argue that you
already published your secret key before that time. You can't defend
yourself anymore with "that was backdated and signed only after the key
expired and was published". It changes the argument somewhat.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
