I don't see any reason why it couldn't be done in principle - anyone who wants 
could set up an "authority" that produces a regular, signed list of all the 
certificates it currently trusts at each point in time. The trick is a) making 
sure that revocations get submitted to the authority in a timely fashion and b) 
working out whether to trust the authority in the first place. But that's a 
problem in OCSP too. 

In general, anything you can do in the X509 trust model you can do in PGP - but 
with a little more effort and a lot fewer default assumptions. 

Andrew Gallagher

> On 6 Dec 2016, at 22:57, NdK <ndk.cla...@gmail.com> wrote:
> 
> On 06/12/2016 23:14, Andrew Gallagher wrote:
> 
>>> That could actually reduce trust in any PGP signature, unless there's a
>>> way to timestamp 'something' that says "as of 'now' this key has not
>>> been revoked". Ideally that attestation should be included with the 
>>> signature itself
>> So, essentially OCSP?
> That's the idea, but in GPG trust model... Is it possible?
> 
> BYtE,
> Diego
> 


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
