Re: Revoking Old Lost Keys
I was thinking of two dates, an expire and a warn. Admittedly, adding
a few bytes to a key is not a big deal, but neither is the gain from a
warn and expire date. If you want to be able to set a bit for 'use
after expire,' I would see that as a reasonable thing.
Adam
Deranged Mutant wrote:
| Adam Shostack <[email protected]> wrote:
|
| DM wrote:
|
| > | PGP should give a warning when the key passes the expiration date. It
| > | should not prevent you from using it, but should remind you that the
| > | key is rather old, and that the owner may have moved, etc.
| [..]
| > Expire should mean expire, i.e., no longer valid, useful or
| > useable. If you want to have a 'depreciated after' and an expire
| > date, that might be useful, but it seems more like feeping creaturitis
| > to me. It adds bulk to every key, when a better solution would be to
| > have keys automatically deprecated some time before they are due to
| > expire.
|
| The reason I think a warning option is good (really, 1 bit flag
| for warn rather than kill... that's "bulk" to every key?) is so that
| if for whatever reason the key is used (say I am unable to get a
| newer key for you but really need to send you a private message) I
| have something to use... and you, if you choose to hold onto old
| keys, can decrypt it. If not, the sender was warned.
--
"It is seldom that liberty of any kind is lost all at once."
-Hume