On Tuesday 03 December 2013 19:03:13 Robert J. Hansen wrote:
> On 12/3/2013 6:20 PM, Hauke Laging wrote:
> > Imagine a certificate which is always prolonged for just one day. If
> > this gets compromised then it will not be prolonged any more (at
> > least not by its owner but we all love our highly secure offline
> > mainkeys, don't we?) so everyone will notice that within hours.
>
> 1. The attacker can just extend the validity himself. He's
> successfully compromised the key, after all.
>
> 2. As a consequence of #1, no one will notice.

In your quotation you've snipped away too much of Hauke's message. Hauke gave two scenarios. In the second scenario

> > b) the key has been compromised and cannot be revoked (because the
> > owner has lost access to the secret mainkey and has neither a
> > revocation certificate nor a (usable) designated revoker)

your assertion is correct. In the first scenario

> > a) the key has been compromised and revoked and you don't know that
> > (because your last certificate update was before the revocation
> > publishing)

it is incorrect because the attacker cannot extend the validity of the revoked key.

Regards,
Ingo
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
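
The two scenarios discussed in the message above, as an added example that is not part of the original thread and is not GnuPG code. It is a deliberately simplified model: `Cert`, `extend` and `verifier_accepts` are hypothetical names, and the verifier is assumed to refresh from the keyserver only once its local copy has expired.

```python
from dataclasses import dataclass, replace

DAY = 86400  # seconds


@dataclass(frozen=True)
class Cert:
    """Simplified stand-in for a certificate; not an OpenPGP packet parser."""
    expires: int           # expiration set by the newest self-signature
    revoked: bool = False  # a key revocation has been published

    def usable(self, now):
        # A revocation wins over every self-signature, including ones
        # issued later, so a new expiration date cannot undo it.
        return not self.revoked and now < self.expires


def extend(cert, now, days=1):
    """Issue a new self-signature; anyone holding the secret mainkey can."""
    return replace(cert, expires=now + days * DAY)


def verifier_accepts(local, published, now):
    """Assumed verifier policy: trust the local copy until it expires,
    then fall back to whatever the keyserver currently publishes."""
    if local.usable(now):
        return True  # stale copy is still accepted, no refresh happens
    return published.usable(now)


def scenario_a(validity_days):
    """a) compromised AND revoked, verifier's copy predates the revocation."""
    local = Cert(expires=validity_days * DAY)           # fetched at t = 0
    published = replace(local, revoked=True)            # owner revokes on day 1
    published = extend(published, 1 * DAY, days=30)     # extension has no effect
    return verifier_accepts(local, published, now=2 * DAY)


def scenario_b():
    """b) compromised, but the owner has no way to revoke."""
    local = Cert(expires=1 * DAY)                       # fetched at t = 0
    published = extend(local, 1 * DAY, days=30)         # nothing overrides this
    return verifier_accepts(local, published, now=2 * DAY)


if __name__ == "__main__":
    print("a) 1-day validity, accepted on day 2:  ", scenario_a(1))
    print("a) 10-year validity, accepted on day 2:", scenario_a(3650))
    print("b) no revocation, accepted on day 2:   ", scenario_b())
```
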