On 5/6/2011 10:05 PM, Hauke Laging wrote: > > Several people have mentioned that a signature does not become invalid by > expiration of the key. That is formally correct an describes the GnuPG > behaviour. But with regard to content in such a case there has to be an > additional proof that the signature has been made before the key expired. > This > is a formal rule in e.g. the German signature law. If you want to use legally > accepted signatures for proving documents then you have to sign both the > document and the old signature by a new key (i.e. one with a later expiration > date) before the old key expires. >
I know nothing about German laws, but that just doesn't sound right to me. 1) I digitally sign a document saying I owe you money. The signing key has an expiration date. 2) Key expires. I do nothing. 3) The original document is invalidated. I no longer owe you money?
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
