Re: Revoking Old Lost Keys
Adam Shostack <[email protected]> wrote:
I wrote:
> | PGP should give a warning when the key passes the expiration date. It
> | should not prevent you from using it, but should remind you that the
> | key is rather old, and that the owner may have moved, etc.
[..]
> Expire should mean expire, i.e., no longer valid, useful or
> useable. If you want to have a 'depreciated after' and an expire
> date, that might be useful, but it seems more like feeping creaturitis
> to me. It adds bulk to every key, when a better solution would be to
> have keys automatically deprecated some time before they are due to
> expire.
The reason I think a warning option is good (really, a 1-bit flag
for warn rather than kill... that's "bulk" to every key?) is so that
if for whatever reason the key is used (say I am unable to get a
newer key for you but really need to send you a private message) I
have something to use... and you, if you choose to hold onto old
keys, can decrypt it. If not, the sender was warned.
> Also, the ability to extend the life of a key is fraught with
> danger. The longer a key is around, the more likely it is to become
> compromised. The user might not be aware that the key is compromised.
> Better to have an unchangeable date. (On a more technical level,
> allowing users to change the expiry date on a key means that the key's
> expiry date is not signed by the signatories, and an opponent who
> compromised a key could simply change the expiry date on that key and
> send it to the servers, so that it would continue to be used, and your
> opponent could continue to read all your communications.)
>
> Adam
>
> --
> "It is seldom that liberty of any kind is lost all at once."
> -Hume
--- "Mutant" Rob <[email protected]>
Send a blank message with the subject "send pgp-key"
(not in quotes) for a copy of my PGP key.
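A toy illustration of the two points argued in this exchange: an expiry date stored outside the signed region can be rewritten without invalidating any signature, whereas one inside it cannot, and a verifier can treat an expired key as "warn" or "reject". This is an added example, not code from either poster or from PGP; the HMAC keyed with a signatory's secret is a stand-in for a real public-key signature, and the key fields and dates are made up.

```python
import copy
import hashlib
import hmac
import json

# Assumption: an HMAC under the signatory's secret stands in for the
# signatory's real signature over the key packet.
def sign(secret: bytes, fields: dict) -> str:
    msg = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def verify(secret: bytes, fields: dict, sig: str) -> bool:
    return hmac.compare_digest(sign(secret, fields), sig)

def make_key(key_id, pubkey, expires, signer_secret, expiry_signed):
    """Build a toy key record; the expiry lands inside or outside the signed region."""
    signed = {"key_id": key_id, "pubkey": pubkey}
    if expiry_signed:
        signed["expires"] = expires
    key = {"signed": signed, "sig": sign(signer_secret, signed)}
    if not expiry_signed:
        key["expires"] = expires  # unsigned field: anyone holding the key can edit it
    return key

def expiry_of(key):
    return key["signed"].get("expires", key.get("expires"))

def extend_expiry(key, new_date):
    """Rewrite the expiry date in place, as an owner (or an opponent) might."""
    tampered = copy.deepcopy(key)
    if "expires" in tampered["signed"]:
        tampered["signed"]["expires"] = new_date
    else:
        tampered["expires"] = new_date
    return tampered

def status(key, signer_secret, today, warn_only):
    """Verifier's decision. Dates are ISO strings, so string comparison orders them."""
    if not verify(signer_secret, key["signed"], key["sig"]):
        return "reject: signature invalid"
    if today <= expiry_of(key):
        return "ok"
    return "warn: key expired" if warn_only else "reject: key expired"
```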