ietf-openpgp

Re: draft-ietf-openpgp-rfc2440bis-06.txt

2002-09-21 11:20:52

On 9/21/02 4:11 AM, "Bodo Moeller" <moeller(_at_)cdc(_dot_)informatik(_dot_)tu-darmstadt(_dot_)de> wrote:

> Jon Callas <jon(_at_)callas(_dot_)org>:
>> "Bodo Moeller" <moeller(_at_)cdc(_dot_)informatik(_dot_)tu-darmstadt(_dot_)de>:
>
>>> Here's the yearly reminder on the OpenPGP key expiration protocol failure.
>>>
>>> http://www.imc.org/ietf-openpgp/mail-archive/msg02374.html
>>> http://www.imc.org/ietf-openpgp/mail-archive/msg02848.html
>>> http://www.imc.org/ietf-openpgp/mail-archive/msg03693.html
>
>> My opinion (still) is that it isn't a bug, it's a feature. I want someday to
>> make keys that have short-lived self-signatures on them that are regularly
>> renewed, [...]
>
> You are talking about subkeys (encryption subkeys, presumably -- in
> the case of signature keys, you can simply stop using them without
> having announced so in advance).  If you want to regularly renew your
> subkeys, then set appropriate expiration times for these subkeys.
>
> I am talking about main keys, not subkeys.  Simply don't set an
> expiration time for the signing key if you want to be able to continue
> to use it indefinitely.


So am I. I'm talking about main keys.

I have a vision where my program might (for example) re-create my
self-signature every day with a 48-hour expiration, and upload it to the
server.

OpenPGP has a policy that in the base specification, we permit a variety of
trust models and do not require one; we provide a language that is robust
enough to support all these trust models.

    Jon