ietf-openpgp

Re: Behavior of implementations regarding certain key material

2000-05-30 15:50:34
Paul Koning writes, quoting Len Sassaman:
 L> Eh? If you sign my key, and then your *key* expires, your
 L> signature is still included in validity calculations for my
 L> key. Even after your key expires. (However, you had to sign my key
 L> prior to the expiration of yours).

Agreed; that's what I meant.  (Checking the signature requires a key
that was good at the time that signature was created.  It's the
signature that is being verified, and the date of that signature is
what matters.)

The problem is that we don't have a mechanism for securely timestamping
signatures.  If someone breaks or steals an expired key, they can create
a back-dated signature with it.

In my opinion it is risky to rely on a signature by an expired key.
PGP versions 5.0 and later do not use expired keys in trust calculations.
(PGP 2.6.2 and earlier did not support key expiration.)

Hal
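The two rules discussed in this exchange, written out as an added example (this is not code from the thread or from any PGP implementation): a certification counts only if its creation time falls inside the signer key's validity window, and a stricter policy in the style Hal attributes to PGP 5.0 and later additionally drops certifications whose signer key is expired at evaluation time. The `Key` and `Certification` classes, the key id `0xSIGNER` and all dates are constructed for illustration; the `created` field of a certification is the self-asserted creation time from the signature packet, which is why the strict policy exists.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class Key:
    """Minimal stand-in for an OpenPGP key: only the fields the validity rule needs."""
    key_id: str
    created: datetime
    expires: Optional[datetime]  # None means the key never expires


@dataclass(frozen=True)
class Certification:
    """A key signature (certification) made by `signer` over someone else's key.

    `created` is the creation time carried inside the signature packet. It is
    asserted by whoever held the signing key, not by an independent timestamping
    service, which is the gap the message above points out.
    """
    signer: Key
    created: datetime


def key_valid_at(key: Key, when: datetime) -> bool:
    """True if `key` was within its validity window at time `when`."""
    if when < key.created:
        return False
    if key.expires is not None and when >= key.expires:
        return False
    return True


def certification_counts(cert: Certification, now: datetime, drop_expired_signers: bool) -> bool:
    """Decide whether `cert` contributes to validity calculations.

    Rule 1 (always): the signature's creation time must fall inside the signer
    key's validity window. A signature dated after the signer key expired never
    counts.

    Rule 2 (policy, the PGP 5.0+ behaviour described in the message): if
    `drop_expired_signers` is set, a signer key that is expired *now* is ignored
    even for signatures it made while still valid. This is the conservative
    answer to the timestamping gap: once the signer key is past its expiry, the
    self-asserted creation time can no longer be relied on.
    """
    if not key_valid_at(cert.signer, cert.created):
        return False
    if drop_expired_signers and not key_valid_at(cert.signer, now):
        return False
    return True


def constructed_scenario() -> dict:
    """Constructed sample data (not from the thread): a signer key that expired
    on 2000-01-01 and two certifications, evaluated as of 2000-05-30."""
    utc = timezone.utc
    signer = Key("0xSIGNER", datetime(1998, 1, 1, tzinfo=utc), datetime(2000, 1, 1, tzinfo=utc))
    now = datetime(2000, 5, 30, tzinfo=utc)

    before_expiry = Certification(signer, datetime(1999, 6, 1, tzinfo=utc))
    after_expiry = Certification(signer, datetime(2000, 3, 1, tzinfo=utc))

    return {
        # Lenient policy keeps the pre-expiry certification, as Len describes.
        "pre_expiry_lenient": certification_counts(before_expiry, now, drop_expired_signers=False),
        # Strict policy drops it because the signer key is expired today.
        "pre_expiry_strict": certification_counts(before_expiry, now, drop_expired_signers=True),
        # A signature dated after expiry never counts under either policy.
        "post_expiry_lenient": certification_counts(after_expiry, now, drop_expired_signers=False),
        "post_expiry_strict": certification_counts(after_expiry, now, drop_expired_signers=True),
    }


if __name__ == "__main__":
    for name, result in constructed_scenario().items():
        print(f"{name}: {result}")
```

The difference between the two policies shows up only for the pre-expiry certification: the lenient rule keeps it, the strict rule discards it. Neither rule can tell a genuinely old signature from one whose creation time was set in the past, so the strict policy is the one a verifier reaches for when it has no trustworthy timestamp.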
