[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Revoking Old Lost Keys



I was thinking of two dates, an expire and a warn.  Admittedly, adding
a few bytes to a key is not a big deal, but neither is the gain from a
warn and expire date.  If you want to be able to set a bit for 'use
after expire,' I would see that as a reasonable thing.

Adam

Deranged Mutant wrote:

| Adam Shostack <[email protected]> wrote:
| 
| DM wrote:
| 
| > | PGP should give a warning when the key passes the expiration date. It
| > | should not prevent you from using it, but should remind you that the
| > | key is rather old, and that the owner may have moved, etc.
| [..]
| > 	Expire should mean expire, i.e., no longer valid, useful or
| > useable.  If you want to have a 'depreciated after' and an expire
| > date, that might be useful, but it seems more like feeping creaturitis
| > to me.  It adds bulk to every key, when a better solution would be to
| > have keys automatically deprecitated some time before they are due to
| > expire.
| 
| The reason I think a warning option is good (really, 1 bit bit flag 
| for warn rather than kill... that's "bulk" to every key?) is so that 
| if for whatever reason the key is used (say I am unable to get a 
| newer key for you but really need to send you a private message) I 
| have something to use... and you, if you choose to hold onto old 
| keys, can decrypt it.  If not, the sender was warned.



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume