Hello Wiktor.

On Friday, 02.11.2018, at 17:17 +0100, Wiktor Kwapisiewicz wrote:
> On 02.11.2018 15:35, Dirk Gottschalk wrote:
> > I prefer GPG. And no, GPG does not lack timestamping, a timestamp is
> > included in every signature.
>
> Signature creation date is not the same as timestamping. As for why
> you may consider the problem of validating signatures made by revoked
> keys. Without timestamping this kind of signature is inherently
> insecure (as the compromised key could be used by the attacker to
> create a backdated signature).

Yeah, I see what you mean. Right, that was out of my sight.

> For example Authenticode uses timestamping [0] so that old signatures
> can still be considered valid even when the key expires or is revoked
> later.
> Adding something comparable to OpenPGP was discussed [1] on OpenPGP
> ML recently and previously [2].

Thanks for the information.

Regards,
Dirk

-- 
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen, Germany

GPG: DDCB AF8E 0132 AA54 20AB B864 4081 0B18 1ED8 E838
Keybase.io: https://keybase.io/dgottschalk
GitHub: https://github.com/Dirk1980ac
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
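
The distinction discussed in the message above, as an added example that is not part of the original thread: a simplified model of a verifier deciding whether to accept signatures from a key that was later revoked. The class, function names and dates are hypothetical and constructed for illustration; this is not the OpenPGP or Authenticode API.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass
class Signature:
    claimed_created: datetime            # written by the signer, so an attacker can set it freely
    tsa_time: Optional[datetime] = None  # time attested by an independent timestamp authority

def naive_accept(sig: Signature, revoked_at: Optional[datetime]) -> bool:
    """Trust the signer-supplied creation date."""
    return revoked_at is None or sig.claimed_created < revoked_at

def timestamp_aware_accept(sig: Signature, revoked_at: Optional[datetime]) -> bool:
    """Once the key is revoked, only an independent timestamp can place the signature before it."""
    if revoked_at is None:
        return True
    if sig.tsa_time is None:
        return False  # nothing but the signer's own claim dates this signature
    return sig.tsa_time < revoked_at

# Constructed scenario: the key is revoked on 2018-06-01.
REVOKED_AT = datetime(2018, 6, 1)
SAMPLES = {
    # Made before revocation and countersigned by the timestamp authority at that time.
    "genuine_timestamped": Signature(datetime(2018, 1, 10), tsa_time=datetime(2018, 1, 10)),
    # Made before revocation, but without any independent timestamp.
    "genuine_untimestamped": Signature(datetime(2018, 1, 10)),
    # Made after revocation with the stolen key; creation date set to January,
    # but the authority can only attest the time it actually saw the signature.
    "backdated_by_attacker": Signature(datetime(2018, 1, 10), tsa_time=datetime(2018, 9, 1)),
}

def evaluate() -> dict:
    """Return {name: (naive result, timestamp-aware result)} for each constructed sample."""
    return {name: (naive_accept(s, REVOKED_AT), timestamp_aware_accept(s, REVOKED_AT))
            for name, s in SAMPLES.items()}

if __name__ == "__main__":
    for name, (naive, aware) in evaluate().items():
        print(f"{name:24} naive={naive!s:5} timestamp_aware={aware}")
```

The untimestamped genuine signature is rejected by the stricter check because, without the authority's attestation, it is indistinguishable from a backdated one carrying the same creation date.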