Certification-only key

Peter Lebbing peter at digitalbrains.com
Tue Jun 6 15:38:58 CEST 2017


On 06/06/17 15:14, Andrew Gallagher wrote:
> To protect against this, one would use a timestamping service to sign
> the secret key publication, thereby proving the publication was earlier
> than the forgery.

I think you're going backwards about this.

This is how I understand it:

Until the key is expired, you want people to recognize your signatures
as valid and issued by you. Hence, you don't publicly disclose your
secret key. You only do this once your key is expired.

Henceforth, you want to plausibly deny you issued those signatures which
you in fact *did* issue. As long as there is no timestamping service,
you could claim the signature to be a recent forgery with a forged time
of signature.

However, if somebody has used a timestamping service to prove the
signature was in fact really issued before the key expired, you'll have
to claim that you had already disclosed the secret key back then. Even
though you didn't. So you can't prove it with a timestamping service
because it is not actually the case.

And then there is the issue that the timestamp in general proves the
data *existed* at the time of issuance. But this doesn't prove the data
was disclosed publicly. Obviously the secret key existed, nobody is
questioning that. To prove it was disclosed, you'll need to go through
some more steps.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170606/f305236b/attachment.sig>


More information about the Gnupg-users mailing list