ietf-openpgp

Re: Key expiration

1999-07-12 16:01:56
Jon Callas <jon(_at_)callas(_dot_)org>:
At 5:44 AM -0700 7/9/1999, Bodo Moeller said:

   Me too.  I did not detail this in my previous message, but IMO the way
   to go is to use short validity periods on your encryption keys (so
   that if you let them expire, no-one will send you mail encrypted to
   those keys any more; an additional advantage is that you can change
   the cipher preferences etc. if you switch to newer software versions)
   and a longer validity period for the signing key.  Also your signing
   key could use a long _key_ validity period, but short _signature_
   validity periods for the self-signatures; then the key validity
   period, if defined, should be used by others who certify that key.
   A signing key is really invalid only when publishing its secret part
   cannot break anything (not that I recommend doing so ...).

   > [...]

   The self-signature!  Not the whole key, unless you don't re-validate.
   For this, a signature validity period should be used, not a key
   validity period.

We're in violent agreement here.

The problem is that "key expiration" in OpenPGP (well, actually in the V4
data structures) is in the self signature. If you look at the V3 key
packet, there's a key expiration. In the V4 structure, it is gone. It's in
the self-sig.

That's what I wrote in my previous message, isn't it?  The point here
is that the self-signature can define _two_ validity periods: A key
validity period (section 5.2.3.5), which should be evaluated by others
when certifying the key so that an expired key is guaranteed to be
considered invalid by those trusting the certificate, and a
self-signature validity period (section 5.2.3.9), which certainly can
be much shorter than the total key validity period.
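The distinction the message draws, as an added example that is not part of the thread or of any OpenPGP implementation: a V4 self-signature can carry both a Key Expiration Time subpacket (type 9, counted in seconds from the key's creation time) and a Signature Expiration Time subpacket (type 3, counted in seconds from the signature's own creation time). The code below encodes those subpackets in RFC 2440 wire form (one-octet length form only), parses them back, and evaluates a key with a long key validity period whose self-signatures are renewed on a short cycle. The creation times, periods, and the choice of the newest self-signature as the authoritative one are constructed for the example.

```python
"""Key validity vs. self-signature validity in OpenPGP V4 self-signatures.
Added example; the timestamps and periods below are constructed, not real keys.
"""
import struct
from typing import Dict, List, Optional

# Signature subpacket type numbers from RFC 2440 section 5.2.3.1
SIG_CREATION_TIME = 2    # seconds since 1970-01-01
SIG_EXPIRATION_TIME = 3  # seconds after the signature's creation time
KEY_EXPIRATION_TIME = 9  # seconds after the key's creation time


def u32(n: int) -> bytes:
    return struct.pack(">I", n)


def encode_subpacket(sp_type: int, body: bytes) -> bytes:
    """Subpacket = length octet (covers type + body) + type octet + body.
    This example only handles bodies short enough for the one-octet length form."""
    length = len(body) + 1
    assert length < 192, "one-octet length form only"
    return bytes([length, sp_type]) + body


def parse_subpackets(area: bytes) -> Dict[int, bytes]:
    """Return {type: body} for a subpacket area written in the one-octet length form."""
    out: Dict[int, bytes] = {}
    i = 0
    while i < len(area):
        length = area[i]
        assert length < 192, "only one-octet lengths handled in this example"
        sp_type = area[i + 1]
        out[sp_type] = area[i + 2 : i + 1 + length]
        i += 1 + length
    return out


def build_self_sig_area(sig_created: int, sig_expires_after: Optional[int],
                        key_expires_after: Optional[int]) -> bytes:
    """Hashed subpacket area of a self-signature carrying the two validity periods."""
    parts = [encode_subpacket(SIG_CREATION_TIME, u32(sig_created))]
    if sig_expires_after is not None:
        parts.append(encode_subpacket(SIG_EXPIRATION_TIME, u32(sig_expires_after)))
    if key_expires_after is not None:
        parts.append(encode_subpacket(KEY_EXPIRATION_TIME, u32(key_expires_after)))
    return b"".join(parts)


def sig_creation_time(area: bytes) -> int:
    return struct.unpack(">I", parse_subpackets(area)[SIG_CREATION_TIME])[0]


def sig_expiry(area: bytes) -> Optional[int]:
    """Absolute expiry of the self-signature itself, or None if it never expires."""
    sp = parse_subpackets(area)
    if SIG_EXPIRATION_TIME not in sp:
        return None
    period = struct.unpack(">I", sp[SIG_EXPIRATION_TIME])[0]
    return None if period == 0 else sig_creation_time(area) + period


def key_expiry(area: bytes, key_created: int) -> Optional[int]:
    """Absolute expiry of the key as asserted by this self-signature; relative
    to the KEY's creation time, not the signature's."""
    sp = parse_subpackets(area)
    if KEY_EXPIRATION_TIME not in sp:
        return None
    period = struct.unpack(">I", sp[KEY_EXPIRATION_TIME])[0]
    return None if period == 0 else key_created + period


def evaluate(key_created: int, self_sig_areas: List[bytes], now: int) -> Dict[str, bool]:
    """Evaluate the key at time `now` using its newest self-signature (an
    assumption of this example about which self-signature takes precedence).
    'needs_renewal' means the self-signature lapsed while the key itself has not."""
    area = max(self_sig_areas, key=sig_creation_time)
    s_exp = sig_expiry(area)
    k_exp = key_expiry(area, key_created)
    self_sig_valid = s_exp is None or now < s_exp
    key_expired = k_exp is not None and now >= k_exp
    return {
        "self_sig_valid": self_sig_valid,
        "key_expired": key_expired,
        "needs_renewal": (not self_sig_valid) and (not key_expired),
    }


# Constructed scenario: key valid for 4 years, self-signatures re-issued
# every ~180 days (the scheme argued for in the thread).
KEY_CREATED = 900_000_000
FOUR_YEARS = 4 * 365 * 24 * 3600      # 126_144_000 s
HALF_YEAR = 180 * 24 * 3600           # 15_552_000 s
SELF_SIGS = [
    build_self_sig_area(900_000_000, HALF_YEAR, FOUR_YEARS),  # original self-sig
    build_self_sig_area(915_000_000, HALF_YEAR, FOUR_YEARS),  # renewed self-sig
]

if __name__ == "__main__":
    for t in (920_000_000, 935_000_000, 1_030_000_000):
        print(t, evaluate(KEY_CREATED, SELF_SIGS, t))
```

Run at three constructed instants: shortly after renewal both periods are live; once the short signature period lapses the key is still within its four-year validity and merely needs a fresh self-signature; past the key expiration time no renewal helps, which is the state a certifier should treat as final.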