On Tue, Dec 03, 2013 at 07:26:09PM -0500, Robert J. Hansen wrote: > On 12/3/2013 6:59 PM, Hauke Laging wrote: > > It may be possible to prevent someone from seeing the revocation > > certificate. Certificate distribution is a lot less secure than the > > keys themselves. But you cannot trick someone into using an expired > > key. > > Of course you can. Reset their computer's clock. You don't even have > to compromise their computer in order to do it: compromising whatever > NTP server they're contacting is enough.
AFAIK by default ntpd dismisses changes to the RTC when NTP time is off more than 15 min of the RTC. One would need a special flag to force it to update the clock in this case. (at least the ntpd I used) So you could only delay the expiration date by 15 min... So useful ? _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
