-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi
On Saturday 7 May 2011 at 1:09:25 PM, in <mid:banlktimpo-bwz38icrfc-cudrkh968f...@mail.gmail.com>, Jerome Baum wrote: > Then I would say it is the recipients responsibility to > only accept "reasonable" signatures. Fair enough. "Reasonable" is subjective. > As you say, it is > only an "attempt" to generate deniability -- nobody > who's right in their mind would accept a signature on a > document that is dated before the document itself. In which case your attempt to generate plausible deniability would have fooled anybody "who's right in their mind" (because they all believe the signature timestamp has some meaning besides being the time/date your system clock happened to be set on when you created the signature). I'm not sure I buy that. > Assuming a responsible recipient, the expiration date > makes sense. Yes, a responsible recipient would refresh > their keys. Yes, man-in-the-middle. The expiration date > makes a difference here. In the edge-case scenario you described previously (where the key only expired the previous day) I doubt it would make much difference. Even the weak evidence of the email headers and server logs suggesting your system clock had been incorrectly set a day behind could be enough to make your deniability implausible. > But I > have no idea of knowing when it was signed, so I have > to assume it is when it was allegedly signed That was exactly my point. > -- and > yes, this is a problem under certain circumstances. > However, there is at least one circumstance where the > expiration date *does* make a difference, which is the > document dated in the future relative to the signature > timestamp, from a then-already expired key. So in at > least one case, the expiration date helps. A non-digital example of a document signed with a date in the future is the post-dated cheque, which is supposed to be worthless until the date written on it. Several people sent me cheques as wedding gifts, which they dated with our wedding day but we received them during the couple of weeks before. Most of those were banked the day after we received them, rather than waiting until we returned from our honeymoon. A bank clerk tried to refuse the last one I paid in on the Friday afternoon before our wedding but I persisted and he accepted it. The date in the future should have made a difference to those cheques but did not. (In the case of the last cheque that was queried, it made no difference because it would be the Monday two days *after* the date on the cheque that it was presented to the payee's branch for payment.) I suspect that fact of the signature timestamp and the key expiry date being before the date stated on the document, is something it would be unwise to rely upon in court. Especially if the other side produced an "expert" witness who testified about the triviality of altering a system clock. > Let's get a concrete idea of such a "document". Say I > want a statement from you that you legally have access > to an email account today. Today is 2011-05-07. I have > your key, with a signing sub-key that expired in 2010. > I refresh your key but Mallory manipulates the traffic > and so a revocation certificate wouldn't have helped. > It's a good thing that your sub-key expired, though, > because I won't accept the signature from that sub-key > as I'm looking for an up-to-date statement. In fact, > I'll probably want: "As of 2011-05-07, I legally have > access to em...@example.com". There is *no way* I would > accept that when the signature is dated in 2010. Several months out (because it expired last year) is different to your previous case of several hours out (because it expired yesterday). I could put the clock back exactly a year and some recipients may not spot one digit being different, but they are more likely to notice that than to notice the day being off (unless it occurs early in the new year before they have got used to spotting the year without thinking about it). > Does that make my point more clear? I wasn't saying > that under all circumstances the expiration date helps. > That would be crazy. I was saying that there are > circumstances where it does, It helps to raise a question in the mind of the person viewing the signature (if they spot it). > and since the cost is so > low, that there is no point in not having them > (assuming, of course, that you separate master and > sub-keys). You can't assume. - -- Best regards MFPA mailto:expires2...@ymail.com Life is a holiday. In the same way that glass is a liquid. -----BEGIN PGP SIGNATURE----- iQE7BAEBCgClBQJNxU8TnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pvD8EAIA6 yHvGXM/rrzbfEpsGMptqQcVNOTFPgH8xxqdJpVrvlu1OYZ3OhHiW4kQV+vGVIzn6 SWci1bAJ3sI15o9cBIRIRoiA4lJhh7JBkgsoQ4o/ToS0QncD16cjZ46nyhPTFVfD HZfAxArfylJ6+603yA7xycf2Lh++2uzaQV4+wFtu =97P4 -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users