
Re: Key Eater Needed



> One way to expire keys is to simply declare that any old PGP key more
> than two years old is expired.

No, this is a bad idea.  Any arbitrary setting of expire time by the
keyserver is a bad idea.  It is the key owner that should set the
timeout of the PGP key (there is an expiration time in the key
certificate, but the current implementation sets it to zero and
ignores the field).  There are people that have longer or shorter
keys, and it's possible that they might want longer or shorter
expiration times.

I think that there are a few things that can and should be done.
First, a revoked key should get all signatures removed from that key
(and possibly any signatures that key made should disappear as well).
Also, revoked keys should probably time out from the keyservers after
some period of time.

-derek

         Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory
       Member, MIT Student Information Processing Board (SIPB)
    Home page: http://www.mit.edu:8001/people/warlord/home_page.html
       [email protected]    PP-ASEL     N1NWH    PGP key available
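
The policy proposed in the message above, sketched as an added example that is not part of the original post or of any keyserver's code. The record layout, the one-year retention period, and the key IDs are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class KeyRecord:                      # hypothetical record layout, not PGP's format
    key_id: str
    created: datetime
    validity_days: int = 0            # set by the key owner; 0 = no expiration
    revoked_at: Optional[datetime] = None
    signed_by: set = field(default_factory=set)   # IDs of keys that signed this key

    def expired(self, now: datetime) -> bool:
        # Only the owner's own setting counts; key age alone never expires a key.
        if self.validity_days == 0:
            return False
        return now >= self.created + timedelta(days=self.validity_days)

def sweep(store, now, retention=timedelta(days=365), drop_issued=True):
    """Apply the revocation policy in place; return the IDs purged from the store."""
    revoked = {kid for kid, rec in store.items() if rec.revoked_at is not None}
    for rec in store.values():
        if rec.key_id in revoked:
            rec.signed_by.clear()         # a revoked key loses every signature on it
        elif drop_issued:
            rec.signed_by -= revoked      # optionally drop signatures it made on others
    purged = sorted(k for k in revoked if now - store[k].revoked_at >= retention)
    for kid in purged:
        del store[kid]                    # revoked keys time out of the keyserver
    return purged

def demo():
    # Constructed sample data: four keys with made-up IDs.
    now = datetime(1995, 6, 1)
    store = {
        "AAAA": KeyRecord("AAAA", datetime(1992, 1, 1), signed_by={"BBBB", "DDDD"}),
        "BBBB": KeyRecord("BBBB", datetime(1994, 1, 1), validity_days=365,
                          revoked_at=datetime(1994, 3, 1), signed_by={"AAAA"}),
        "CCCC": KeyRecord("CCCC", datetime(1994, 1, 1), validity_days=365,
                          revoked_at=datetime(1995, 5, 1), signed_by={"AAAA"}),
        "DDDD": KeyRecord("DDDD", datetime(1995, 1, 1), validity_days=730,
                          signed_by={"CCCC"}),
    }
    purged = sweep(store, now)
    return store, purged, now
```

In the sample, the three-year-old key AAAA stays unexpired because its owner set no expiration, while the recently revoked CCCC is stripped of signatures but kept until the retention period elapses.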