[Monotone-devel] Re: key trust

monotone-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Monotone-devel] Re: key trust

From:	Lapo Luchini
Subject:	[Monotone-devel] Re: key trust
Date:	Thu, 13 Oct 2005 19:48:21 +0200
User-agent:	Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.6) Gecko/20050317 Thunderbird/1.0.2 Mnenhy/0.7.2.0 Hamster/2.0.0.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Richard Levitte - VMS Whacker wrote:
> I think you're operating under some false assumptions.  Just because a
> certificate was revoked yesterday, it doesn't mean that a signature
> made a week ago suddenly becomes invalid.

EXCEPT when the revocation reason is "key compromise", in that case you
can't even trust old signatures from that key. ;-)
(as they could be only "apparently" old, or the compromise could have
been discovered only much after the damage was done)

- --
L a p o   L u c h i n i
l a p o @ l a p o . i t
w w w . l a p o . i t /
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Cygwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iEYEARECAAYFAkNOneUACgkQaJiCLMjyUvs7dgCfTnh2RFzWdGZDcCTpmDfWIHlO
nXIAmgLzkloYkdKKRnC6zDzFsfSnxY/s
=HVK1
-----END PGP SIGNATURE-----

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Monotone-devel] Re: key trust, (continued)

Prev by Date: Re: [Monotone-devel] Re: rfc on h: selector behavior
Next by Date: [Monotone-devel] Transport encryption - HTTPS?
Previous by thread: Re: [Monotone-devel] Re: key trust
Next by thread: Re: [Monotone-devel] Re: key trust
Index(es):
- Date
- Thread