"L" == L Sassaman <rabbi(_at_)quickie(_dot_)net> writes:
L> On Tue, 30 May 2000, Paul Koning wrote:
>> "Lutz" == Lutz Donnerhacke <lutz(_at_)iks-jena(_dot_)de> writes:
Lutz> * Paul Koning wrote:
>> >> It seems to me the logical thing to do is very easy to
>> >> describe: expired or revoked certs are treated as if they were
>> >> nonexistent.
Lutz> But certificates of expired keys are still valid.
>> For verifying old stuff, yes. Not for new stuff. So my simple
>> description was too simplistic. I would apply it to things
>> expired or revoked as of the creation date of whatever I want to
>> verify.
L> Eh? If you sign my key, and then your *key* expires, your
L> signature is still included in validity calculations for my
L> key. Even after your key expires. (However, you had to sign my key
L> prior to the expiration of yours).
Agreed; that's what I meant. (Checking the signature requires a key
that was good at the time that signature was created. It's the
signature that is being verified, and the date of that signature is
what matters.)
paul
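
The rule the thread converges on, as an added example that is not part of the original messages: a signature is judged against key and certification state as of the signature's own creation date. The names `Key`, `Certification` and `acceptable`, and all dates, are constructed for illustration; trust in the certifier's own key is assumed, and no cryptography is performed.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional


@dataclass(frozen=True)
class Key:
    owner: str                           # constructed sample name
    created: datetime
    expires: Optional[datetime] = None
    revoked: Optional[datetime] = None

    def good_at(self, when: datetime) -> bool:
        """Key existed and was neither expired nor revoked at `when`."""
        if when < self.created:
            return False
        ended = [t for t in (self.expires, self.revoked) if t is not None]
        return all(when < t for t in ended)


@dataclass(frozen=True)
class Certification:
    signer: Key
    subject: Key
    created: datetime
    expires: Optional[datetime] = None
    revoked: Optional[datetime] = None

    def counts_at(self, when: datetime) -> bool:
        # The certification is itself a signature: the signer's key must have
        # been good when the certification was made, whatever happened later.
        if not self.signer.good_at(self.created):
            return False
        # A certification expired or revoked as of `when` is treated as nonexistent.
        ended = [t for t in (self.expires, self.revoked) if t is not None]
        return all(when < t for t in ended)


def acceptable(signing_key: Key, certs: List[Certification], signed_at: datetime) -> bool:
    """Judge a signature by its own creation date, not by the current date."""
    if not signing_key.good_at(signed_at):
        return False
    return any(c.subject == signing_key and c.counts_at(signed_at) for c in certs)


# Constructed sample data: Alice certifies Bob in 1999, then her key expires.
ALICE = Key("alice", datetime(1998, 1, 1), expires=datetime(2000, 1, 1))
BOB = Key("bob", datetime(1999, 1, 1), expires=datetime(2001, 1, 1))
IN_TIME = Certification(ALICE, BOB, created=datetime(1999, 6, 1))
TOO_LATE = Certification(ALICE, BOB, created=datetime(2000, 3, 1))
```

With this data, `acceptable(BOB, [IN_TIME], datetime(2000, 5, 30))` is true even though Alice's key has expired by then, while the same call with `TOO_LATE` is false because that certification was made after her key expired.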