On Sat, May 7, 2011 at 00:40, MFPA <expires2...@ymail.com> wrote: > > On Friday 6 May 2011 at 10:18:29 PM, in > <mid:banlktin2w8ljxyghv3_5npfbsibhrp9...@mail.gmail.com>, Jerome Baum > wrote: > > > >>> If my key expired yesterday, no-one can > >>> forge a message with that key and claim it's from > >>> today. > > Suppose your master key is secure and offline but Mallory has control > of your subkey that expired yesterday. Mallory can put their system > clock back 24hrs to sign and send a message, and then truthfully claim > the message was signed today. They can back up this claim with email > headers and server logs demonstrating the clock discrepancy. > > Maybe implausible but definitely trivial.
Okay, let me rephrase that. "claim it's from today" should have been "have the signature date as today". That's how I would interpret such a claim. Email headers don't really make a difference -- they would have signed it yesterday and sent it today, but the message is still from yesterday. -- Jerome Baum tel +49-1578-8434336 email jer...@jeromebaum.com -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
