Slightly OT - I need the proper wording for a signed document

Dirk Gottschalk dirk.gottschalk1980 at googlemail.com
Sat Nov 3 16:43:21 CET 2018


Hello Wiktor.

On Friday, 02.11.2018, at 17:17 +0100, Wiktor Kwapisiewicz wrote:
> On 02.11.2018 15:35, Dirk Gottschalk wrote:
> > I prefer GPG. And no, GPG does not lack timestamping, a timestamp
> > is included in every signature.

> Signature creation date is not the same as timestamping. As for why
> you may consider the problem of validating signatures made by revoked
> keys. Without timestamping this kind of signature is inherently
> insecure (as the compromised key could be used by the attacker to
> create a backdated signature).

Yeah, I see what you mean. Right, that was out of my sight.

> For example Authenticode uses timestamping [0] so that old signatures
> can still be considered valid even when the key expires or is revoked
> later.

> Adding something comparable to OpenPGP was discussed [1] on OpenPGP
> ML recently and previously [2].

Thanks for the information.

Regards,
Dirk


-- 
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen, Germany

GPG: DDCB AF8E 0132 AA54 20AB  B864 4081 0B18 1ED8 E838
Keybase.io: https://keybase.io/dgottschalk
GitHub: https://github.com/Dirk1980ac
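
Added example, not part of the original message and not GnuPG code: a toy Python model of the distinction discussed above between a signature's creation date and a timestamp from an independent authority, checked against a revoked key. All names, keys and times are constructed for illustration, and HMAC stands in for real public-key signatures.

```python
import hashlib
import hmac
from typing import NamedTuple, Optional

# Constructed values; HMAC stands in for real public-key signatures.
SIGNER_KEY = b"constructed-signer-key"
TSA_KEY = b"constructed-timestamp-authority-key"
REVOKED_AT = 1_541_000_000  # constructed time the signer's key was revoked

class Signature(NamedTuple):
    created: int   # creation date: written by whoever holds the signing key
    tag: bytes

class Token(NamedTuple):
    seen_at: int   # read from the timestamp authority's own clock
    tag: bytes

def mac(key: bytes, *parts: bytes) -> bytes:
    # Length-prefix each field so the fields cannot run into each other.
    body = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, body, hashlib.sha256).digest()

def sign(doc: bytes, created: int) -> Signature:
    return Signature(created, mac(SIGNER_KEY, doc, str(created).encode()))

def tsa_stamp(sig: Signature, tsa_now: int) -> Token:
    # The authority binds the signature it was shown to its own time.
    return Token(tsa_now, mac(TSA_KEY, sig.tag, str(tsa_now).encode()))

def sig_ok(doc: bytes, sig: Signature) -> bool:
    return hmac.compare_digest(sig.tag, mac(SIGNER_KEY, doc, str(sig.created).encode()))

def verify_creation_date_only(doc: bytes, sig: Signature) -> bool:
    # Trusts the signer-supplied date, so it cannot detect backdating.
    return sig_ok(doc, sig) and sig.created < REVOKED_AT

def verify_with_timestamp(doc: bytes, sig: Signature, tok: Optional[Token]) -> bool:
    # Accepts only if an independent party saw the signature before revocation.
    if tok is None or not sig_ok(doc, sig):
        return False
    expected = mac(TSA_KEY, sig.tag, str(tok.seen_at).encode())
    return hmac.compare_digest(tok.tag, expected) and tok.seen_at < REVOKED_AT

DOC = b"constructed document"
honest = sign(DOC, REVOKED_AT - 1000)                     # made before revocation
honest_tok = tsa_stamp(honest, REVOKED_AT - 990)
backdated = sign(DOC, REVOKED_AT - 5000)                  # made after revocation, old date
backdated_tok = tsa_stamp(backdated, REVOKED_AT + 86400)  # authority's clock is not fooled
```

The creation-date check accepts both signatures, while the timestamp check accepts only the one the authority saw before revocation.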
