On Fri, 20 Sep 2002 23:09:23 -0700, Jon Callas said:
My opinion (still) is that it isn't a bug, it's a feature. I want someday to
make keys that have short-lived self-signatures on them that are regularly
I fully agree. Furthermore, due to the possibility to set an
expiration date on a key signatature, a "CA" gains the same effect as
with an expiration date on the key. It is about what a trusted
authority sees as a sound expiration date. This may either be a key
signator by using the signature expiration time or the key owner by
setting the expiration date on his key signatures (self-signature).
PGP has the tradtion to to let the user decide and not some other
entity. With the OpenPGP model the user is even free to ask a CA to
set an expiration date on their key signature.
By default GnuPG uses the expiration date of the self-signature as the
one for a key signature. This is on Florian Weimer's request and afaik
is sufficient for him and his use of the PGP PKI.
Salam-Shalom,
Werner