| Revoking a self-signature or allowing it to expire has a defined
| semantic meaning.
IMHO, the draft does not specify the semantics of expiration in a way
which would warrant such statement. I don't believe we can agree on a
specific set of expiration semantics even in the limited circle of
this WG.
BTW, the referenced paper (http://www.counterpane.com/pgp-attack.html)
is definitely worth a read.
--
Florian Weimer Weimer(_at_)CERT(_dot_)Uni-Stuttgart(_dot_)DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898