Re: Behavior of implementations regarding certain key material

[lutz@xxxxxxxxxxx (Lutz Donnerhacke)]

* Werner Koch wrote:
>On Tue, 30 May 2000, Lutz Donnerhacke wrote:
>> But certificates of expired keys are still valid.
>
>However, this depends on the reason of certification.

No.

>For example, a revocation may have been issued to express that the
>key has been compromised long time in the past and therefore the
>signature has never been valid.

Every certificate of an revoked key is invalid. In law all certificates with
has a timestamp before the key revokation timestamp are valid. German law
contains a protocol error to not require the timestamp at receiver's end.

>It is not easy to check this because it may be a pre-generated revocation
>or a malicious revocation.

Definititly. That's why the law requires a timestamp on revokation and
ultimate publication.