I don't see any reason why it couldn't be done in principle - anyone who wants could set up an "authority" that produces a regular, signed list of all the certificates it currently trusts at each point in time. The trick is a) making sure that revocations get submitted to the authority in a timely fashion and b) working out whether to trust the authority in the first place. But that's a problem in OCSP too.
In general, anything you can do in the X509 trust model you can do in PGP - but with a little more effort and a lot fewer default assumptions. Andrew Gallagher > On 6 Dec 2016, at 22:57, NdK <ndk.cla...@gmail.com> wrote: > > Il 06/12/2016 23:14, Andrew Gallagher ha scritto: > >>> That could actually reduce trust in any PGP signature, unless there's a >>> way to timestamp 'something' that says "as of 'now' this key have not >>> been revoked". Ideally that attestation should be included with the >>> signature itself >> So, essentially OCSP? > That's the idea, but in GPG trust model... Is it possible? > > BYtE, > Diego > _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
