On Saturday 07 May 2011, MFPA wrote: > Hi > > > On Friday 6 May 2011 at 10:18:29 PM, in > <mid:banlktin2w8ljxyghv3_5npfbsibhrp9...@mail.gmail.com>, Jerome Baum > > wrote: > >>> If my key expired yesterday, no-one can > >>> forge a message with that key and claim it's from > >>> today. > >> > >> Never heard of a system clock that was wrong? > > > > I'll give a summary reply here for everyone stating > > it's still possible to make that signature. It's > > possible if the master key is compromised. I was > > assuming a sub-key with an expiration date. > > It is trivial to make that signature without compromising the master > key. > > Suppose your master key is secure and offline but Mallory has control > of your subkey that expired yesterday. Mallory can put their system > clock back 24hrs to sign and send a message, and then truthfully > claim the message was signed today. They can back up this claim with > email headers and server logs demonstrating the clock discrepancy.
This explains why digital signatures with legally binding date often (always?) require a timestamp by a certified third party. Regards, Ingo
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
