[Aegypten] Bogus messages about certificates?

Werner Koch wk@gnupg.org
Tue Oct 1 09:37:02 2002


On Mon, 30 Sep 2002 21:10:33 +0200, Ingo Klöcker said:

> I understand. This would mean that every incoming document would have to 
> be signed with a local key which of course must never expire. Do you 
> know of any MUA or MTA that does this?

No.

> cases the key must be revoked immediately. In my understanding 
> "expired" simply means "isn't used anymore". It does not mean "could 
> have been compromised in the meantime".

The expiration time is the only safe mechanism to make sure that a key
is not used anymore - well, for v3 keys; with v4 keys we have a
different scenario.  The problem with revocations is how to publish
them - the current system is not reliable.

> Then the receiving MUA should also complain if the From/Reply-To header 
> doesn't match the key. I don't see where you implemented this in KMail. 
> ;-)

This should work - Karl-Heinz?



Salam-Shalom,

   Werner