
Re: draft-ietf-openpgp-rfc2440bis-06.txt

On Fri, 20 Sep 2002 23:09:23 -0700, Jon Callas said:

> My opinion (still) is that it isn't a bug, it's a feature. I want someday to
> make keys that have short-lived self-signatures on them that are regularly

I fully agree.  Furthermore, due to the possibility to set an
expiration date on a key signature, a "CA" gains the same effect as
with an expiration date on the key.  It is about what a trusted
authority sees as a sound expiration date.  This may either be a key
signator by using the signature expiration time or the key owner by
setting the expiration date on his key signatures (self-signature).

PGP has the tradition to let the user decide and not some other
entity.  With the OpenPGP model the user is even free to ask a CA to
set an expiration date on their key signature.  

By default GnuPG uses the expiration date of the self-signature as the
one for a key signature.  This is on Florian Weimer's request and afaik
is sufficient for him and his use of the PGP PKI.