On Tue, May 10, 2011 at 07:42, Grant Olson k...@grant-olson.net wrote:
On 5/10/2011 1:35 AM, Jerome Baum wrote:
AFAIK, the CAs over here will just supply a card. There is no question
of whether the key is generated on-card or not -- the CA confirms this
implicitly with their certification
On Tue, May 10, 2011 at 07:42, Grant Olson k...@grant-olson.net wrote:
Okay, yeah, if the CA sets up the card, authenticates it with their
signing key, and ships it to you, then there would never be a separate
master key, no problem there. I get the feeling the card won't like it
if you try
On Tuesday, 10 May 2011, 07:10:42, Jerome Baum wrote:
an option for GnuPG: reject-subkey-signatures
No need to change OpenPGP for this.
This is possible only if it is safe for old implementations. I see one option
for that: A signature notation for this purpose could be defined and this
I don't see why it would need a standards change, or why the option can't
be, well, optional. We aren't trying to force all gpg installations to
conform, but to make it possible to configure an installation to conform.
Normal gpg should continue to function.
(Mobile/Handy)
On 10.05.2011 15:33
On Sunday, 8 May 2011, 14:50:36, MFPA wrote:
Mainly the key's owner, but could also protect others from relying on
signatures from a compromised key for which they have not received a
revocation certificate.
Right. The problem: Protection you don't know of. So seriously this additional
Hi
On Monday 9 May 2011 at 5:09:00 PM, in
mid:201105091809.05423.mailinglis...@hauke-laging.de, Hauke Laging
wrote:
On Sunday, 8 May 2011, 14:50:36, MFPA wrote:
Mainly the key's owner, but could also protect others from relying on
On Monday, 9 May 2011, 19:51:12, MFPA wrote:
Could that be a form of attack? Bob and Mallory sign a contract of
some kind - it transpires the contract benefits Bob - Mallory tries to
make it look as if Bob had not signed.
That would not work for several reasons which arise not from
On Mon, May 9, 2011 at 18:09, Hauke Laging mailinglis...@hauke-laging.de wrote:
IMHO there are only two possibilities for making (a new version of) OpenPGP
signature law compatible:
a) The CA creates a mainkey and subkeys. The mainkey is destroyed
immediately
afterwards. That might be
On 05/10/2011 12:01 AM, Jerome Baum wrote:
c) Program the smart-card so it doesn't sign sub-keys? I'm not familiar with
the internals of smart-card implementations but the OpenPGP sub-key
signatures are of a different type than the data signatures. The smart-card
can probably recognize if it's
On 05/10/2011 12:32 AM, Jerome Baum wrote:
Is that an implementation problem? i.e. is it possible to write an
implementation that does distinguish, or is it technically impossible w/out
processing the entire data on-card?
As i understand the process, i think it would be necessary to pass all
On 5/10/2011 12:41 AM, Daniel Kahn Gillmor wrote:
On 05/10/2011 12:32 AM, Jerome Baum wrote:
Is that an implementation problem? i.e. is it possible to write an
implementation that does distinguish, or is it technically impossible w/out
processing the entire data on-card?
As i understand the
On Tue, May 10, 2011 at 07:01, Grant Olson k...@grant-olson.net wrote:
On 5/10/2011 12:41 AM, Daniel Kahn Gillmor wrote:
Maybe one of the folks with experience implementing these devices can
give more concrete details?
I can confirm. The cards only get the hash and sign that. The trouble
On 5/10/2011 1:10 AM, Jerome Baum wrote:
On Tue, May 10, 2011 at 07:01, Grant Olson k...@grant-olson.net
mailto:k...@grant-olson.net wrote:
On 5/10/2011 12:41 AM, Daniel Kahn Gillmor wrote:
Maybe one of the folks with experience implementing these devices can
give more
On Tue, May 10, 2011 at 07:30, Grant Olson k...@grant-olson.net wrote:
But there's no way to prove that the keys were originally generated
on-card, and weren't imported from a software private key where there
was never a separate master certification key.
AFAIK, the CAs over here will just
On 5/10/2011 1:35 AM, Jerome Baum wrote:
On Tue, May 10, 2011 at 07:30, Grant Olson k...@grant-olson.net
mailto:k...@grant-olson.net wrote:
But there's no way to prove that the keys were originally generated
on-card, and weren't imported from a software private key where there
Hi
On Sunday 8 May 2011 at 3:34:52 AM, in
mid:201105080434.57614.mailinglis...@hauke-laging.de, Hauke Laging
wrote:
There is probability but no safety in this assumption.
I have no idea what is the probability. I have seen no figures
relating
Hi
On Sunday 8 May 2011 at 3:21:41 AM, in
mid:4dc5fe35.5080...@sixdemonbag.org, Robert J. Hansen wrote:
The trial court ruled in favor of the farmers.
I remember literature from my bank saying that cheques did not need to
be on their printed
On Sat, May 7, 2011 at 04:33, Grant Olson k...@grant-olson.net wrote:
On 5/6/2011 10:05 PM, Hauke Laging wrote:
Several people have mentioned that a signature does not become invalid by
expiration of the key. That is formally correct and describes the GnuPG
behaviour. But with regard to
On Sat, May 7, 2011 at 01:43, MFPA expires2...@ymail.com wrote:
On Saturday 7 May 2011 at 12:11:06 AM, in
mid:BANLkTimNq9nxpf23=pe2n0rr1stnh3a...@mail.gmail.com, Jerome Baum
wrote:
Say my sub-key expired yesterday. Today, you come
up to me and ask me to sign something (say, a statement
Hi
On Saturday 7 May 2011 at 1:09:25 PM, in
mid:banlktimpo-bwz38icrfc-cudrkh968f...@mail.gmail.com, Jerome Baum
wrote:
Then I would say it is the recipient's responsibility to
only accept reasonable signatures.
Fair enough. Reasonable is
On Saturday, 7 May 2011, 15:54:21, MFPA wrote:
and since the cost is so
low, that there is no point in not having them
(assuming, of course, that you separate master and
sub-keys).
You can't assume.
You can very well if you don't claim that for all cases but use this
assumption for
On Sat, May 7, 2011 at 15:54, MFPA expires2...@ymail.com wrote:
(snip huge email)
Next time can you read the whole email and reply to it as a whole?
As for signature checking, I stand by my point: Over here, signing a
document today and claiming on the signature that it was signed tomorrow is
Jerome Baum wrote:
On Sat, May 7, 2011 at 15:54, MFPA expires2...@ymail.com
mailto:expires2...@ymail.com wrote:
(snip huge email)
Next time can you read the whole email and reply to it as a whole?
As for signature checking, I stand by my point: Over here, signing a
document today
Hey not that any of this relates to the original question on digital
signatures, but interesting nonetheless so I guess let's keep it on the list
as OT.
On Sat, May 7, 2011 at 19:16, Jean-David Beyer jeandav...@verizon.net wrote:
When I was on a grand jury, the prosecutor said that while the
Hi
On Saturday 7 May 2011 at 6:42:06 PM, in
mid:BANLkTi=-c_xijtne7+qyrlv06fj2d7z...@mail.gmail.com, Jerome Baum
wrote:
Hey not that any of this relates to the original
question on digital signatures, but interesting
nonetheless so I guess
Hi
On Saturday 7 May 2011 at 4:03:19 PM, in
mid:BANLkTi=ergk72zxrb46dwkc_dim0etg...@mail.gmail.com, Jerome Baum
wrote:
Next time can you read the whole email and reply to it
as a whole?
It's generally better to read the whole email and then
Hi
On Saturday 7 May 2011 at 3:06:16 PM, in
mid:201105071606.21732.mailinglis...@hauke-laging.de, Hauke Laging
wrote:
On Saturday, 7 May 2011, 15:54:21, MFPA wrote:
You can't assume.
You can very well if you don't claim that for all cases
On 5/7/2011 7:54 AM, Hauke Laging wrote:
On Saturday, 7 May 2011, 04:33:17, Grant Olson wrote:
1) I digitally sign a document saying I owe you money. The signing key
has an expiration date.
2) Key expires. I do nothing.
3) The original document is invalidated. I no longer owe you
Hi
On Saturday 7 May 2011 at 8:50:45 PM, in
mid:BANLkTi=tg4z7mkwtnztwlhpjmhffznw...@mail.gmail.com, Jerome Baum
wrote:
We weren't talking about fraud and deception. Only
about lying -- rather, telling an untruth, which you
may or may not be
On Friday 06 May 2011, MFPA wrote:
Hi
On Friday 6 May 2011 at 8:48:03 PM, in
mid:201105062148.04...@thufir.ingo-kloecker.de, Ingo Klöcker wrote:
Unless I'm missing something the difference is as
follows: - With prolongation of the expiration time
releases signed before the
On Sat, May 7, 2011 at 22:47, Jerome Baum jer...@jeromebaum.com wrote:
On Sat, May 7, 2011 at 22:38, MFPA expires2...@ymail.com wrote:
As for the meaning of the date, whether it is supposed to mean the
date the signature was written or the date the instruction to pay
becomes effective or
Hi
On Saturday 7 May 2011 at 9:52:51 PM, in
mid:BANLkTi=nwtmcchq96olpkhdmovunsoq...@mail.gmail.com, Jerome Baum
wrote:
I don't think you get what kind of assumption we are
talking about. There are two kinds:
1. I assume something is generally
On Sat, May 7, 2011 at 23:07, MFPA expires2...@ymail.com wrote:
On Saturday 7 May 2011 at 9:52:51 PM, in
mid:BANLkTi=nwtmcchq96olpkhdmovunsoq...@mail.gmail.com, Jerome Baum
wrote:
I don't think you get what kind of assumption we are
talking about. There are two kinds:
1. I assume
On Saturday 07 May 2011, MFPA wrote:
Hi
On Friday 6 May 2011 at 10:18:29 PM, in
mid:banlktin2w8ljxyghv3_5npfbsibhrp9...@mail.gmail.com, Jerome Baum
wrote:
If my key expired yesterday, no-one can
forge a message with that key and claim it's from
today.
Never heard of a system
Hi
On Saturday 7 May 2011 at 9:56:14 PM, in
mid:201105072256.15...@thufir.ingo-kloecker.de, Ingo Klöcker wrote:
It depends on your definition of valid. In my book a
signature can only be valid if the corresponding key
is valid. Expired keys
On Sunday 08 May 2011, Grant Olson wrote:
===
You seem to send messages from the future. ;-)
On 5/6/11 3:48 PM, Ingo Klöcker wrote:
On Thursday 05 May 2011, Hauke Laging wrote:
What is the difference between these two options with respect to
the point of confusion?
2011/5/7 Ingo Klöcker kloec...@kde.org
This explains why digital signatures with legally binding date often
(always?) require a timestamp by a certified third party.
Not always (every statement of intent is binding, even w/out a notary), but
e.g. over here (Germany) for a digital signature to
2011/5/7 MFPA expires2...@ymail.com
On Saturday 7 May 2011 at 9:56:14 PM, in
mid:201105072256.15...@thufir.ingo-kloecker.de, Ingo Klöcker wrote:
It depends on your definition of valid. In my book a
signature can only be valid if the corresponding key
is valid. Expired keys are not
Hi
On Saturday 7 May 2011 at 10:21:17 PM, in
mid:banlktinacqcd+mz7fl1thlk55x2+u9g...@mail.gmail.com, Jerome Baum
wrote:
On digital signatures being legally binding, apparently
a scanned bitmap of your signature is enough to be
binding (as
On 05/07/2011 02:49 PM, MFPA wrote:
What is to stop that scanned bitmap of a person's signature being
applied to a document the individual has no knowledge about?
Nothing. That's the nature of physical signatures.
A physical signature binds tightly to the individual (handwriting being
hard to
Hi
On Saturday 7 May 2011 at 10:22:33 PM, in
mid:banlktimrobi47ottgokkveeoh-ayroo...@mail.gmail.com, Jerome Baum
wrote:
Definitely. I get his point about rejecting them
entirely though, as it is (and that's what this
discussion is all about)
On 5/7/2011 5:08 PM, Ingo Klöcker wrote:
On Sunday 08 May 2011, Grant Olson wrote:
===
You seem to send messages from the future. ;-)
That's funny.
I wanted to make sure I wasn't lying before replying. A little later I
was deploying code to some servers. After the update
On Sun, May 8, 2011 at 03:13, Jerome Baum jer...@jeromebaum.com wrote:
On Sat, May 7, 2011 at 23:56, Robert J. Hansen r...@sixdemonbag.org wrote:
On 05/07/2011 02:49 PM, MFPA wrote:
What is to stop that scanned bitmap of a person's signature being
applied to a document the individual has no
On Sat, May 7, 2011 at 23:56, Robert J. Hansen r...@sixdemonbag.org wrote:
On 05/07/2011 02:49 PM, MFPA wrote:
What is to stop that scanned bitmap of a person's signature being
applied to a document the individual has no knowledge about?
Nothing. That's the nature of physical signatures.
On May 7, 2011, at 5:49 PM, MFPA wrote:
On Saturday 7 May 2011 at 10:21:17 PM, in
mid:banlktinacqcd+mz7fl1thlk55x2+u9g...@mail.gmail.com, Jerome Baum
wrote:
On digital signatures being legally binding, apparently
a scanned bitmap of your signature is enough to be
binding (as would be no
On Sun, May 8, 2011 at 03:50, David Shaw ds...@jabberwocky.com wrote:
Incidentally, speaking of bitmap signatures - a signature made via a
rubber stamp of a signature can be binding under certain circumstances as
well (at least in the US - I don't know about elsewhere).
Often enough you
On 05/07/2011 09:50 PM, David Shaw wrote:
Incidentally, speaking of bitmap signatures - a signature made via
a rubber stamp of a signature can be binding under certain
circumstances as well (at least in the US - I don't know about
elsewhere).
Within the U.S., the standard doesn't involve
On Saturday, 7 May 2011, 21:43:38, MFPA wrote:
At what point does it become safe to assume that an individual with
expiry dates on their subkeys keeps their master key securely offline?
There is probability but no safety in this assumption. But is this relevant?
How and whom is an expiration
On May 7, 2011, at 10:21 PM, Robert J. Hansen wrote:
On 05/07/2011 09:50 PM, David Shaw wrote:
Incidentally, speaking of bitmap signatures - a signature made via
a rubber stamp of a signature can be binding under certain
circumstances as well (at least in the US - I don't know about
On Sun, May 8, 2011 at 00:07, MFPA expires2...@ymail.com wrote:
Maybe we could use something like
http://www.itconsult.co.uk/stamper.htm
I checked the newsgroup (only through Google, last posting from '05) and
don't see the signatures being posted anymore. Can anyone confirm this?
--
Jerome
On Sun, May 8, 2011 at 04:53, David Shaw ds...@jabberwocky.com wrote:
I knew a man (a lawyer, as it happened) who always signed documents with
several loops in a row. When I asked him why he didn't use a real
signature (i.e. why he didn't sign his name), he just grinned and said
Who's to say
On May 7, 2011, at 10:57 PM, Jerome Baum wrote:
On Sun, May 8, 2011 at 00:07, MFPA expires2...@ymail.com wrote:
Maybe we could use something like
http://www.itconsult.co.uk/stamper.htm
I checked the newsgroup (only through Google, last posting from '05) and
don't see the signatures being
On May 7, 2011, at 11:04 PM, Jerome Baum wrote:
On Sun, May 8, 2011 at 04:53, David Shaw ds...@jabberwocky.com wrote:
I knew a man (a lawyer, as it happened) who always signed documents with
several loops in a row. When I asked him why he didn't use a real
signature (i.e. why he didn't
Shaw ds...@jabberwocky.com
Date: Sun, May 8, 2011 at 05:15
Subject: Re: Best practice for periodic key change?
To: Jerome Baum jer...@jeromebaum.com
Cc: MFPA expires2...@ymail.com, Jerome Baum on GnuPG-Users
gnupg-users@gnupg.org
On May 7, 2011, at 10:57 PM, Jerome Baum wrote:
On Sun, May 8, 2011
On Thu, May 5, 2011 at 4:10 PM, Doug Barton do...@dougbarton.us wrote:
On 05/04/2011 23:52, Andreas Heinlein wrote:
We have an OpenPGP key which we use for signing our software releases.
That key should be changed yearly and carry an expiration date to
enforce this change.
What are you
On 05.05.2011 22:10, Doug Barton wrote:
On 05/04/2011 23:52, Andreas Heinlein wrote:
We have an OpenPGP key which we use for signing our software releases.
That key should be changed yearly and carry an expiration date to
enforce this change.
What are you trying to accomplish by doing it
On 05/05/2011 23:22, Andreas Heinlein wrote:
Like Werner said, many people never refresh their keys, so
expiring is indeed a way to force them to do that. (I admit that, in
our case, even this will not help, since gpg will happily verify a
signature made by an expired key. It will tell you that
On 05/06/2011 03:47 AM, Doug Barton wrote:
There's also another element, the expiration date is irrelevant if the
key is actually compromised. If Eve has your secret key she can simply
update or remove the expiration date, and upload the new version of the
public key to the public keyservers.
On Friday, 6 May 2011, 09:47:57, Doug Barton wrote:
There's also another element, the expiration date is irrelevant if the
key is actually compromised. If Eve has your secret key she can simply
update or remove the expiration date, and upload the new version of the
public key to the public
On Thursday 05 May 2011, Hauke Laging wrote:
On Thursday, 5 May 2011, 11:19:30, Werner Koch wrote:
A
period key change is problematic because it confuses those who want
to verify the signatures.
BTW, the prolongation of the expiration time has showed (by means
of a lot of
On 05/06/2011 08:34, Hauke Laging wrote:
On Friday, 6 May 2011, 09:47:57, Doug Barton wrote:
There's also another element, the expiration date is irrelevant if the
key is actually compromised. If Eve has your secret key she can simply
update or remove the expiration date, and upload the new
On Fri, May 6, 2011 at 22:37, Doug Barton do...@dougbarton.us wrote:
I don't understand this response. What I'm saying is that if the key is
compromised, expiration dates become irrelevant.
Up to a point. If my key expired yesterday, no-one can forge a message with
that key and claim it's
On 5/6/11 4:48 PM, Jerome Baum wrote:
On Fri, May 6, 2011 at 22:37, Doug Barton do...@dougbarton.us
mailto:do...@dougbarton.us wrote:
I don't understand this response. What I'm saying is that if the key
is compromised, expiration dates become irrelevant.
Up to a point. If my
On 05/06/2011 13:48, Jerome Baum wrote:
On Fri, May 6, 2011 at 22:37, Doug Barton do...@dougbarton.us
mailto:do...@dougbarton.us wrote:
I don't understand this response. What I'm saying is that if the key
is compromised, expiration dates become irrelevant.
Up to a point. If my key
Hi
On Friday 6 May 2011 at 8:48:03 PM, in
mid:201105062148.04...@thufir.ingo-kloecker.de, Ingo Klöcker wrote:
Unless I'm missing something the difference is as
follows: - With prolongation of the expiration time
releases signed before the
Hi
On Friday 6 May 2011 at 9:48:26 PM, in
mid:banlktim3-dgy2ngvetevfjsxng8m5c2...@mail.gmail.com, Jerome Baum
wrote:
If my key expired yesterday, no-one can
forge a message with that key and claim it's from
today.
Never heard of a system
Meant to send on-list...
Original Message
Subject: Re: Best practice for periodic key change?
Date: Sun, 08 May 2011 16:39:34 -0400
From: Grant Olson k...@grant-olson.net
To: Ingo Klöcker kloec...@kde.org
On 5/6/11 3:48 PM, Ingo Klöcker wrote:
On Thursday 05 May 2011, Hauke
On Fri, May 6, 2011 at 23:07, MFPA expires2...@ymail.com wrote:
On Friday 6 May 2011 at 9:48:26 PM, in
mid:banlktim3-dgy2ngvetevfjsxng8m5c2...@mail.gmail.com, Jerome Baum
wrote:
If my key expired yesterday, no-one can
forge a message with that key and claim it's from
today.
Never
Hi
On Friday 6 May 2011 at 10:18:29 PM, in
mid:banlktin2w8ljxyghv3_5npfbsibhrp9...@mail.gmail.com, Jerome Baum
wrote:
If my key expired yesterday, no-one can
forge a message with that key and claim it's from
today.
Never heard of a system
On Sat, May 7, 2011 at 00:40, MFPA expires2...@ymail.com wrote:
On Friday 6 May 2011 at 10:18:29 PM, in
mid:banlktin2w8ljxyghv3_5npfbsibhrp9...@mail.gmail.com, Jerome Baum
wrote:
If my key expired yesterday, no-one can
forge a message with that key and claim it's from
today.
Suppose
On Sat, May 7, 2011 at 01:01, Jerome Baum jer...@jeromebaum.com wrote:
Okay, let me rephrase that. claim it's from today should have been have
the signature date as today. That's how I would interpret such a claim.
Email headers don't really make a difference -- they would have signed it
Hi
On Saturday 7 May 2011 at 12:11:06 AM, in
mid:BANLkTimNq9nxpf23=pe2n0rr1stnh3a...@mail.gmail.com, Jerome Baum
wrote:
Actually let me put this in context so you see what I
mean.
I already see what you mean; I just happen to disagree. (-;
Hi
On Saturday 7 May 2011 at 12:01:30 AM, in
mid:banlktik+i0ml2fozkzbzpt+ykoojycs...@mail.gmail.com, Jerome Baum
wrote:
Email
headers don't really make a difference -- they would
have signed it yesterday and sent it today, but the
message is
On Friday, 6 May 2011, 21:48:03, Ingo Klöcker wrote:
What is the difference between these two options with respect to the
point of confusion?
Unless I'm missing something the difference is as follows:
- With prolongation of the expiration time releases signed before the
prolongation
On Friday, 6 May 2011, 22:37:12, Doug Barton wrote:
That's not correct for subkeys and offline mainkeys as the good guys do
it.
I don't understand this response. What I'm saying is that if the key is
compromised, expiration dates become irrelevant. Perhaps you could
expand your
On 5/6/2011 10:05 PM, Hauke Laging wrote:
Several people have mentioned that a signature does not become invalid by
expiration of the key. That is formally correct and describes the GnuPG
behaviour. But with regard to content in such a case there has to be an
additional proof that the
Hello,
I hope you can give me some advice on the following problem:
We have an OpenPGP key which we use for signing our software releases.
That key should be changed yearly and carry an expiration date to
enforce this change. However, for the signatures to be useful, the key
has to be signed by
On Thu, 5 May 2011 08:52, aheinl...@gmx.com said:
We have an OpenPGP key which we use for signing our software releases.
That key should be changed yearly and carry an expiration date to
enforce this change. However, for the signatures to be useful, the key
has to be signed by quite a lot of
On Thursday, 5 May 2011, 11:19:30, Werner Koch wrote:
A
period key change is problematic because it confuses those who want to
verify the signatures.
BTW, the prolongation of the expiration time has showed (by means of a
lot of complaining mails) that many folks don't refresh the key
On Thu, 5 May 2011 17:07, mailinglis...@hauke-laging.de said:
Are there people who check the subkey IDs of old and new signatures, get
confused by a change despite of gpg saying it's all right (which IMHO demands
they have not understood the concept of subkeys)?
No they are confused that I
Hauke Laging wrote:
BTW: Would it be a good idea for gpg to suggest the user to check for an
updated version of the key (or do it automatically before if configured to do
so) if it finds an expired subkey? This would probably not work with the GUIs
though (but might make the GUI developers
On 5/5/11 2:52 AM, Andreas Heinlein wrote:
Hello,
I hope you can give me some advice on the following problem:
We have an OpenPGP key which we use for signing our software releases.
That key should be changed yearly and carry an expiration date to
enforce this change. However, for the
On 05/04/2011 23:52, Andreas Heinlein wrote:
We have an OpenPGP key which we use for signing our software releases.
That key should be changed yearly and carry an expiration date to
enforce this change.
What are you trying to accomplish by doing it this way? I've yet to see
a good rationale