[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Behavior of implementations regarding certain key material
* Werner Koch wrote:
>On Tue, 30 May 2000, Lutz Donnerhacke wrote:
>> But certificates of expired keys are still valid.
>However, this depends on the reason of certification.
>For example, a revocation may have been issued to express that the
>key has been compromised long time in the past and therefore the
>signature has never been valid.
Every certificate of an revoked key is invalid. In law all certificates with
has a timestamp before the key revokation timestamp are valid. German law
contains a protocol error to not require the timestamp at receiver's end.
>It is not easy to check this because it may be a pre-generated revocation
>or a malicious revocation.
Definititly. That's why the law requires a timestamp on revokation and