[Top] [All Lists]

Re: Key expiration

1999-07-12 16:01:56
Jon Callas <jon(_at_)callas(_dot_)org>:
At 5:44 AM -0700 7/9/1999, Bodo Moeller said:

   Me too.  I did not detail this in my previous message, but IMO the way
   to go is to use short validity periods on your encryption keys (so
   that if you let them expire, no-one will send you mail encrypted to
   those keys any more; an additional advantage is that you can change
   the cipher preferences etc. if you switch to newer software versions)
   and a longer validity period for the signing key.  Also your signing
   key could use a long _key_ validity period, but short _signature_
   validity periods for the self-signatures; then the key validity
   period, if defined, should be used by others who certify that key.
   A signing key is really invalid only when publishing its secret part
   cannot break anything (not that I recommend doing so ...).

   > [...]

   The self-signature!  Not the whole key, unless you don't re-validate.
   For this, a signature validity period should be used, not a key
   validity period.

We're in violent agreement here.

The problem is that "key expiration" in OpenPGP (well, actually in the V4
data structures) is in the self signature. If you look at the V3 key
packet, there's a key expiration. In the V4 structure, it is gone. It's in
the self-sig.

That's what I wrote in my previous message, isn't it?  The point here
is that the self-signature can define _two_ validity periods: A key
validity period (section, which should be evaluated by others
when certifying the key so that an expired key is guaranteed to be
considered invalid by those trusting the certficate, and a
self-signature validity period (section, which certainly can
be much shorter than the total key validity period.