Best practice for periodic key change?
Grant Olson
kgo at grant-olson.net
Sat May 7 04:33:17 CEST 2011
On 5/6/2011 10:05 PM, Hauke Laging wrote:
>
> Several people have mentioned that a signature does not become invalid by
> expiration of the key. That is formally correct and describes the GnuPG
> behaviour. But with regard to content in such a case there has to be an
> additional proof that the signature has been made before the key expired. This
> is a formal rule in e.g. the German signature law. If you want to use legally
> accepted signatures for proving documents then you have to sign both the
> document and the old signature by a new key (i.e. one with a later expiration
> date) before the old key expires.
>
I know nothing about German laws, but that just doesn't sound right to me.
1) I digitally sign a document saying I owe you money. The signing key
has an expiration date.
2) Key expires. I do nothing.
3) The original document is invalidated. I no longer owe you money?