[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Key Eater Needed
> One way to expire keys is to simply declare that any old PGP key more
> than two years old is expired.
No, this is a bad idea. Any arbitrary setting of expire time by the
keyserver is a bad idea. It is the key owner that should set the
timeout of the PGP key (there is an expiration time in the key
certificate, but the current implementation sets it to zero and
ignores the field). There are people that have longer or shorter
keys, and its possible that they might want longer or shorter
expiration times.
I think that there are a few things that can and should be done.
First, a revoked key should get all signatures removed from that key
(and possibly any signatures that key made should disappear as well).
Also, revoked keys should probably time out from the keyservers after
some period of time.
-derek
Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
Home page: http://www.mit.edu:8001/people/warlord/home_page.html
[email protected] PP-ASEL N1NWH PGP key available