The "Security Considerations" of the OpenPGP specification should
contain the following item, or words to that effect. (This was
initially pointed out in my 8 July 1999 message to this list.)
* Public key packets in the current version 4 format do not
contain a validity period. It has been moved to the signature
packet and appears in the optional key expiration time
subpacket (section 5.2.3.5), which is to be used only in
self-signatures. Unlike with the version 3 public key packet
format, certification signatures do not automatically cover the
expiration time.
When certifying a user ID and a public key given in version 4
format that has an associated validity period, a signature
expiration time subpacket (section 5.2.3.9) should be used to
limit the validity of the certification according to the
validity of the public key being certified. Otherwise, if the
certified key is compromised after it has expired, earlier
certifications would still appear to be valid if the key is
fraudulently published with a new self-signature giving an
updated expiration date.
Probably some warning (or mandatory rule) should also appear earlier
in the text.
--
Bodo Möller <moeller(_at_)cdc(_dot_)informatik(_dot_)tu-darmstadt(_dot_)de>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036