* Werner Koch wrote:
On Tue, 30 May 2000, Lutz Donnerhacke wrote:
But certificates of expired keys are still valid.
However, this depends on the reason of certification.
No.
For example, a revocation may have been issued to express that the
key has been compromised long time in the past and therefore the
signature has never been valid.
Every certificate of an revoked key is invalid. In law all certificates with
has a timestamp before the key revokation timestamp are valid. German law
contains a protocol error to not require the timestamp at receiver's end.
It is not easy to check this because it may be a pre-generated revocation
or a malicious revocation.
Definititly. That's why the law requires a timestamp on revokation and
ultimate publication.