[ale] What happen when...

Derek Atkins warlord at MIT.EDU
Mon Sep 8 12:09:38 EDT 2014


James Earl Smith <feenix3k at aim.com> writes:

> I was just wondering what happens to a valid signature on a gpg key
> when the key is revoked or goes out of date ?
>
> I have two keys that are a few years old. I looked over the signatures
> of the keys that signed mine , several have been revoked. So, does
> this lessen the strength of my key, are the signatures are still valid?

It's all about interpretation, which is all in the eye of the beholder.
RFC 4880 (the latest OpenPGP specification) does not talk about that.

Technically, yes, the signature will still verify even when the key has
expired.  However most implementations will notice the expiration and
effectively ignore any trust from that.

> James Earl Smith

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available


More information about the Ale mailing list