Best practice for periodic key change?

Jerome Baum jerome at jeromebaum.com
Sat May 7 23:22:33 CEST 2011


2011/5/7 MFPA <expires2011 at ymail.com>

> On Saturday 7 May 2011 at 9:56:14 PM, in
> <mid:201105072256.15008 at thufir.ingo-kloecker.de>, Ingo Klöcker wrote:
>
>
> > It depends on your definition of "valid". In my book a
> > signature can  only be valid if the corresponding key
> > is valid. Expired keys are not  valid (anymore).
>
> I thought a key was incapable of making signatures with timestamps
> beyond its expiry time but could still be used to verify signatures
> that already existed.


Definitely. I get his point about rejecting them entirely though, as it is
(and that's what this dicussion is all about) difficult to verify the
(actual) signature time.

-- 
Jerome Baum

tel +49-1578-8434336
email jerome at jeromebaum.com
-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20110507/e369060e/attachment.htm>


More information about the Gnupg-users mailing list