Slightly OT - i need the proper wording for a signed document
wiktor at metacode.biz
Fri Nov 2 17:17:59 CET 2018
On 02.11.2018 15:35, Dirk Gottschalk wrote:
> I prefer GPG. And no, GPG does not lack timestamping, a timestamp is
> included in every signature.
Signature creation date is not the same as timestamping. As for why you
may consider the problem of validating signatures made by revoked keys.
Without timestamping this kind of signature is inherently insecure (as
the compromised key could be used by the attacker to created a backdated
For example Authenticode uses timestamping  so that old signatures
can still be considered valid even when the key expires or is revoked later.
Adding something comparable to OpenPGP was discussed  on OpenPGP ML
recently and previously .
More information about the Gnupg-users