[prev in list] [next in list] [prev in thread] [next in thread]
List: gnupg-users
Subject: Re: Best practice for periodic key change?
From: Ingo =?iso-8859-15?q?Kl=F6cker?= <kloecker () kde ! org>
Date: 2011-05-07 21:08:10
Message-ID: 201105072308.11030 () thufir ! ingo-kloecker ! de
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
On Sunday 08 May 2011, Grant Olson wrote:
===============
You seem to send messages from the future. ;-)
> On 5/6/11 3:48 PM, Ingo Klöcker wrote:
> > On Thursday 05 May 2011, Hauke Laging wrote:
> >> What is the difference between these two options with respect to
> >> the point of confusion?
> >
> > Unless I'm missing something the difference is as follows:
> > - With prolongation of the expiration time releases signed before
> > the prolongation will keep having a valid signature.
> > - If one creates a new subkey then releases signed with the old
> > expired subkey(s) will have an invalid signature. One would have
> > to re-sign the old releases with the new subkey.
>
> Nope.
>
> The old releases won't have an invalid sig as long as the sig was
> made before the expiration date. Expiring a key now doesn't
> invalidate a sig made yesterday. Gpg will print out a note saying
> the key is expired, but it's not as drastic as the error with a
> post-dated signature.
Ahh. My bad. Thanks for the heads up. I wasn't aware of this difference
between signatures made before and after the expiration date.
Regards,
Ingo
["signature.asc" (application/pgp-signature)]
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic