[prev in list] [next in list] [prev in thread] [next in thread]
List: gpa-dev
Subject: Re: [Aegypten] Bogus messages about certificates?
From: Werner Koch <wk () gnupg ! org>
Date: 2002-10-01 7:34:25
[Download RAW message or body]
On Mon, 30 Sep 2002 21:10:33 +0200, Ingo Klöcker said:
> I understand. This would mean that every incoming document would have to
> be signed with a local key which of course must never expire. Do you
> know of any MUA or MTA that does this?
No.
> cases the key must be revoked immediately. In my understanding
> "expired" simply means "isn't used anymore". It does not mean "could
> have been compromised in the meantime".
The expiration time is the only safe mechanism to make sure that a key
is not anymore used - well for v3 keys, with v4 keys we have a
different scenario. The problem with revocation is how to publish
them - the current system is not reliable.
> Then the receiving MUA should also complain if the From/Reply-To header
> doesn't match the key. I don't see where you implemented this in KMail.
> ;-)
This should work - Karl-Heinz?
Salam-Shalom,
Werner
_______________________________________________
Gpa-dev mailing list
Gpa-dev@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gpa-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic