On 2017/06/06 14:38, Peter Lebbing wrote:
> However, if somebody has used a timestamping service to prove the
> signature was in fact really issued before the key expired, you'll have
> to claim that you had already disclosed the secret key back then. Even
> though you didn't. So you can't prove it
On 06/06/17 15:14, Andrew Gallagher wrote:
> To protect against this, one would use a timestamping service to sign
> the secret key publication, thereby proving the publication was earlier
> than the forgery.
I think you're going backwards about this.
This is how I understand it:
Until the key i
On 2017/06/02 18:25, Peter Lebbing wrote:
> I did later realize that if somebody used a timestamping service to
> timestamp a document you signed, you would have to argue that you
> already published your secret key before that time.
To protect against this, one would use a timestamping service to
On 02/06/17 17:03, Andrew Gallagher wrote:
> intentionally publishing secret material - even for
> revoked keys - runs the risk of your correspondents getting scammed
> during the refresh interval.
Note that this related to an *expired* subkey. If people wouldn't update
their keyrings (which they
On 2017/06/02 14:06, Peter Lebbing wrote:
> On 02/06/17 14:42, Lionel Elie Mamane wrote:
>> However, if I publish the secret signing subkey after it expires,
>> the cryptographic certainty is gone.
>
> Heh, that's an interesting take on it. Thanks for sharing it.
The main motivation for publishin
On 02/06/17 14:42, Lionel Elie Mamane wrote:
> However, if I publish the secret signing subkey after it expires,
> the cryptographic certainty is gone.
Heh, that's an interesting take on it. Thanks for sharing it.
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You c
On Wed, May 31, 2017 at 05:42:10PM +0200, Peter Lebbing wrote:
> On 31/05/17 14:52, Lionel Elie Mamane wrote:
>> Right to be forgotten. The signatures I made a long time ago were made
>> by a different person, although there is a continuity between the
>> two.
> Talking about not forgetting, you
On 31/05/17 14:52, Lionel Elie Mamane wrote:
> Right to be forgotten. The signatures I made a long time ago were made
> by a different person, although there is a continuity between the
> two.
Talking about not forgetting, you answered after seven years?! :-D
I don't think expiring a signing subk
On Mon, Oct 04, 2010 at 10:45:02AM -0700, Doug Barton wrote:
> On 10/4/2010 8:22 AM, Lionel Elie Mamane wrote:
>> Also, when my signature subkey expires, it would (I guess) silently
>> start using the primary. Which makes me _very_ happy I chose to make
>> my primary certification-only, because si
Hello Werner and list,
I could reproduce the problem the user "Mustrum" had with moving his
certification-only primary key to a smartcard. If you have a primary key with
sign and certify abilities, you can "keytocard" it to the Signature slot of an
OpenPGP card, and it will issue certifications ju
On 10/4/2010 8:22 AM, Lionel Elie Mamane wrote:
Also, when my signature subkey expires, it would (I guess) silently
start using the primary. Which makes me _very_ happy I chose to make
my primary certification-only, because signatures started to fail
instead, which gave me notice and allowed me t
On Tue, Sep 06, 2005 at 01:03:00AM +0200, Lionel Elie Mamane wrote:
> On Mon, Sep 05, 2005 at 04:46:46PM -0400, David Shaw wrote:
>> On Mon, Sep 05, 2005 at 09:35:50PM +0200, Lionel Elie Mamane wrote:
>>> You could argue I could have this without marking the key as
>>> certificate-only, by never i
On Tue, Sep 06, 2005 at 01:03:00AM +0200, Lionel Elie Mamane wrote:
> >> I would obviously have at least one data-signing subkey. I presume
> >> these people would take a signature from such a subkey. Or
> >> decryption of a nonce they sent me encrypted to an encryption
> >> subkey.
>
> > They m
On Mon, Sep 05, 2005 at 04:46:46PM -0400, David Shaw wrote:
> On Mon, Sep 05, 2005 at 09:35:50PM +0200, Lionel Elie Mamane wrote:
>> On Mon, Sep 05, 2005 at 01:46:07PM -0400, David Shaw wrote:
>>> It's not necessarily a good idea though: some people before agreeing
>>> to sign a key will ask for a
On Mon, Sep 05, 2005 at 09:35:50PM +0200, Lionel Elie Mamane wrote:
> On Mon, Sep 05, 2005 at 01:46:07PM -0400, David Shaw wrote:
> > On Mon, Sep 05, 2005 at 04:41:40PM +0200, Lionel Elie Mamane wrote:
>
> >> I tried to generate an RSAv4 certification-only key with GnuPG, but
On Mon, Sep 05, 2005 at 01:46:07PM -0400, David Shaw wrote:
> On Mon, Sep 05, 2005 at 04:41:40PM +0200, Lionel Elie Mamane wrote:
>> I tried to generate an RSAv4 certification-only key with GnuPG, but
>> failed, even in "expert mode".
>> Is this impossible with Gnu
On Mon, Sep 05, 2005 at 04:41:40PM +0200, Lionel Elie Mamane wrote:
> Hi,
>
> I tried to generate an RSAv4 certification-only key with GnuPG, but
> failed, even in "expert mode".
>
> What I mean is a primary key that can be used to attach a subkey to
> it, or
Hi,
I tried to generate an RSAv4 certification-only key with GnuPG, but
failed, even in "expert mode".
What I mean is a primary key that can be used to attach a subkey to
it, or _maybe_ also to sign UserIDs of other keys (for the Web of
Trust). But not for data signatures. As I unde
18 matches