Am Do 05.12.2013, 19:30:07 schrieb Ingo Klöcker: > your assertion is correct. > > > In the first scenario > > > > a) the key has been compromised and revoked and you don't know that > > > (because your last certificate update was before the revocation > > > publishing) > > it is incorrect because the attacker cannot extend the validity of the > revoked key.
You misunderstand the attack. If you completely control the system time (which is not realistic for big discrepancies, of course) then you can prevent the certificate from becoming invalid: You never reach the expiration date. BTW, OT: May I point you at this? https://bugs.kde.org/show_bug.cgi?id=318005 https://bugs.kde.org/show_bug.cgi?id=326476 https://bugs.kde.org/show_bug.cgi?id=326477 Hauke -- Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/ http://userbase.kde.org/Concepts/OpenPGP_Help_Spread OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
