Proof for a creation date

NdK ndk.clanbo at gmail.com
Tue Dec 6 22:42:38 CET 2016


Il 06/12/2016 12:30, Roman Zeyde ha scritto:
> You can also use OpenTimestamps service as described here:
> https://petertodd.org/2016/opentimestamps-announcement
Interesting!

To remain on-topic, I'd like to take the "footnote 3":
-8<--
An interesting nuance to this is someone who has stolen a PGP key could
also create a revocation, and they could backdate it to deny access to
previously created signatures; there’s a lot of interesting design
questions about how to deal with this with random beacons and the like
that are beyond the scope of this blog post
-8<--

That could actually reduce trust in any PGP signature, unless there's a
way to timestamp 'something' that says "as of 'now' this key have not
been revoked". Ideally that attestation should be included with the
signature itself.

BYtE,
 Diego



More information about the Gnupg-users mailing list