-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 02/10/2015 12:28 PM, Peter Lebbing wrote: > On 09/02/15 20:34, Daniel Kahn Gillmor wrote: >> the *date* of your "key was superceded" revocation is relevant, >> though. Any certifications that claim to have happened after the >> date of the revocation *should* be considered invalid, whereas >> revocations that happen before that date (but after the key >> creation date) should retain their validity. >
... > > That's twenty minutes later. I don't see a reason for GnuPG to > round to full days when it has resolution down to the second for > the times the signatures (data, revocation) are made... is there? No > > The RFC clearly states "key superseded" doesn't invalidate old > signatures: And it doesn't > >> However, if it was merely superseded or retired, old signatures >> are still valid. > > But using GnuPG 2.0.26 on Debian jessie/testing, package 2.0.26-4, > I can reproduce signatures becoming invalid... what's going on? > Does GnuPG not implement the RFC here or is it a bug? No, the signature is still valid: > $ gpg2 --verify test.gpg gpg: Signature made Tue 10 Feb 2015 > 11:53:47 CET using RSA key ID B2F1C0D8 > gpg: Good signature from "Testkey 3" [unknown] ^^^^^^^^^^^^^^^^^^^^^^ > gpg: WARNING: This key has been revoked by its owner! gpg: > This could mean that the signature is forged. gpg: reason for > revocation: Key is superseded gpg: revocation comment: Test > revocation gpg: WARNING: This key is not certified with a trusted > signature! gpg: There is no indication that the signature > belongs to the owner. Primary key fingerprint: EFF1 596F 1A68 F708 > 8699 579D 0815 4E55 B2F1 C0D8 ... However you have an unknown situation wrt the validity of the key having issued the signature, you get the additional information and you need to make your own considerations as to the validity of the key at the present stage - -- - ---------------------------- Kristian Fiskerstrand Blog: http://blog.sumptuouscapital.com Twitter: @krifisk - ---------------------------- Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 - ---------------------------- Credo quia absurdum I believe it because it is absurd -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJU2fECAAoJEP7VAChXwav6ou8IAK9zhGomCj7qmpBgo2DOn0BM fLTJXb3iUvDQgzuzYi+UIrj5L+2CaCllSQlFdDkcZfaH0FbT184j39VAhhc73liR VhLqn2kSByi8OQTMjR0A7OdMCKDExgcI98jr5GF4v4KsSnwk61BYnrTtGVb7/h0L kqQwIFxwVSrbxxFouv5nG5dQeAWW26YyDpPmUDTyaF3ANuCeDEtpfE1UrI9NBRMH T6xUoHW45OxkZkodDIbTwT8FpUZpM24d5oYqO+Fmyy7JcNUW8Z+iHhFhtv+6Xvpy dPISOnkXI8hstPrFDmKB8nYleU4vhlf5LEqCcaqcnxNvbczGUPIV+1rjAcJ5+TA= =MCEY -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users