On 02/06/17 17:03, Andrew Gallagher wrote: > intentionally publishing secret material - even for > revoked keys - runs the risk of your correspondents getting scammed > during the refresh interval.
Note that this related to an *expired* subkey. If people wouldn't update their keyrings (which they indeed would not, probably), it would still correctly be expired. I did later realize that if somebody used a timestamping service to timestamp a document you signed, you would have to argue that you already published your secret key before that time. You can't defend yourself anymore with "that was backdated and signed only after the key expired and was published". It changes the argument somewhat. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
