
Key Eater Needed



>Hal Finney suggests expiring old keys. The first thing we would need is a
>way to clear the keyservers of such dead keys. 

One way to expire keys is to simply declare that any old PGP key more
than two years old is expired.

>There is no way to know now when a key was sent to a server, so it is hard
>to know when to delete it. 

You can use the date in the PGP key structure to timeout on.

>The web of trust model does not lend itself easily to key expirations,
>because this requires you to frequently get people to re-sign your key,
>and to re-sign the keys of others. This creates the opportunity for the
>"here's my new key, and I haven't got it re-signed yet" attack.

Everyone should sign their new keys with their old ones.  

Eric
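
An added example, not part of the original message: one way a keyserver could apply the two-year rule using the creation timestamp stored in an OpenPGP public-key packet. The function names and the sample packet are assumptions made for illustration; the sample key material is placeholder bytes, and "now" is passed in by the caller.

```python
import struct
from datetime import datetime, timedelta, timezone

TWO_YEARS = timedelta(days=2 * 365)  # cutoff proposed in the message

def key_creation_time(packet: bytes) -> datetime:
    """Return the creation time stored in an OpenPGP public-key packet."""
    if len(packet) < 2 or not packet[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    first = packet[0]
    if first & 0x40:                        # new-format header
        tag, o1 = first & 0x3F, packet[1]
        if o1 < 192:
            body = 2                        # one-octet length
        elif o1 < 224:
            body = 3                        # two-octet length
        elif o1 == 255:
            body = 6                        # five-octet length
        else:
            raise ValueError("partial body length not valid for a key packet")
    else:                                   # old-format header (PGP 2.x style)
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        body = 1 + (1, 2, 4)[ltype]
    if tag != 6:
        raise ValueError(f"packet tag {tag} is not a public key")
    if len(packet) < body + 5:
        raise ValueError("truncated key packet")
    # Body starts with: version (1 octet), creation time (4 octets, big-endian)
    version, created = struct.unpack(">BI", packet[body:body + 5])
    if version not in (2, 3, 4):
        raise ValueError(f"unsupported key version {version}")
    return datetime.fromtimestamp(created, tz=timezone.utc)

def is_expired(packet: bytes, now: datetime) -> bool:
    """Apply the two-year rule to the key's own creation timestamp."""
    return now - key_creation_time(packet) > TWO_YEARS

def sample_v3_packet(created: datetime) -> bytes:
    """Constructed sample: v3 key header followed by placeholder key bytes."""
    body = struct.pack(">BIHB", 3, int(created.timestamp()), 0, 1) + b"\x00" * 8
    return bytes([0x99]) + struct.pack(">H", len(body)) + body
```

The creation time is written by the key owner's software, so a server applying this rule is relying on a self-asserted field.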