On Sat, May 7, 2011 at 04:33, Grant Olson <k...@grant-olson.net> wrote:
> On 5/6/2011 10:05 PM, Hauke Laging wrote: > > > > Several people have mentioned that a signature does not become invalid by > > expiration of the key. That is formally correct an describes the GnuPG > > behaviour. But with regard to content in such a case there has to be an > > additional proof that the signature has been made before the key expired. > This > > is a formal rule in e.g. the German signature law. If you want to use > legally > > accepted signatures for proving documents then you have to sign both the > > document and the old signature by a new key (i.e. one with a later > expiration > > date) before the old key expires. > > > > I know nothing about German laws, but that just doesn't sound right to me. > > 1) I digitally sign a document saying I owe you money. The signing key > has an expiration date. > > 2) Key expires. I do nothing. > > 3) The original document is invalidated. I no longer owe you money? Do realize that it is necessary to resign from a practical standpoint (while I don't agree about the implication to a signature from an expired sub-key, yes you can set back your system clock), plus it's not the document that makes you owe me money. You owe me the money and the document only testifies this. -- Jerome Baum tel +49-1578-8434336 email jer...@jeromebaum.com -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users