ietf-openpgp

Re: Behavior of implementations regarding certain key material

2000-05-31 19:10:30
hal(_at_)finney(_dot_)org:

> The question arises, what is the purpose or meaning of expiration dates
> on keys and signatures.
>
> In the case of keys, expirations have a couple of purposes.  One is
> to reduce the attractiveness of the key as a target.  [...]
> A related purpose is to limit the damage if the key falls into someone
> else's hands.  [...]

A rule of thumb for this is as follows: Assume that every owner of a
signing-only key may elect to publish their private key after expiry.
(Further assume that consistent reliable clocks are available to all
participating entities.)  Can signatures created with these
no-longer-private keys lead to problems?  If so, then key expiry is
not properly observed.


> In the case of signatures I think things are quite different.  [...]
> In at least some cases, then, it might be reasonable to continue to use
> expired signatures in trust calculation.

This is true, in principle; however note that the workaround for
enforcing key expiry (which is not covered by OpenPGP certificates) by
setting an expiry time in certifying signatures works only if expired
signatures are ignored.  (The *key* expiration time sub-packet
may be used only in self-signatures according to RFC 2440,
so it cannot be used instead.)

"Expired signatures must be ignored" actually is too strong a
statement.  More precisely, signatures must be ignored unless one is
sure that they were created before the signing key expired.  That is,
if you know that you received the signature sufficiently early, then
you may still use it; also if there's some trusted timestamp that
convinces you, you may still use the signature.


-- 
Bodo Möller <moeller(_at_)cdc(_dot_)informatik(_dot_)tu-darmstadt(_dot_)de>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
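
The acceptance rule stated in the message above (ignore a signature unless it is known to have been created before the signing key expired), sketched as an added example that is not part of the original message or of any OpenPGP implementation. The names `SignatureEvidence`, `signature_usable` and the `margin` parameter are hypothetical, and the dates are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple


@dataclass(frozen=True)
class SignatureEvidence:
    # Creation time stored inside the signature; chosen by whoever signs.
    claimed_creation: datetime
    # When this verifier first received the signature (local record), if known.
    received_at: Optional[datetime] = None
    # Time attested by a timestamp source the verifier trusts, if any.
    trusted_timestamp: Optional[datetime] = None


def signature_usable(sig: SignatureEvidence, key_expiry: datetime, now: datetime,
                     margin: timedelta = timedelta(minutes=5)) -> Tuple[bool, str]:
    """Decide whether a signature may still be used, given the signing key's expiry."""
    if now < key_expiry:
        return True, "signing key has not expired"
    # After expiry the private key may be public, so claimed_creation can be
    # backdated and is deliberately not consulted below.
    for label, seen in (("local receipt", sig.received_at),
                        ("trusted timestamp", sig.trusted_timestamp)):
        # margin is an assumed allowance for what "sufficiently early" means.
        if seen is not None and seen + margin <= key_expiry:
            return True, f"{label} predates key expiry"
    return False, "no independent proof of creation before key expiry"


# Constructed sample data (not from the original message).
UTC = timezone.utc
EXPIRY = datetime(2000, 6, 1, tzinfo=UTC)
NOW = datetime(2000, 7, 1, tzinfo=UTC)
CLAIMED = datetime(2000, 5, 1, tzinfo=UTC)  # every sample claims a pre-expiry creation time
SAMPLES = {
    "received early": SignatureEvidence(CLAIMED, received_at=datetime(2000, 5, 2, tzinfo=UTC)),
    "timestamped": SignatureEvidence(CLAIMED, trusted_timestamp=datetime(2000, 5, 20, tzinfo=UTC)),
    "backdated claim only": SignatureEvidence(CLAIMED),
    "received too late": SignatureEvidence(CLAIMED, received_at=datetime(2000, 6, 3, tzinfo=UTC)),
}

if __name__ == "__main__":
    for name, sig in SAMPLES.items():
        print(name, signature_usable(sig, EXPIRY, NOW))
```

All four samples carry the same claimed creation time, so the differing results come only from the independent evidence.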