On 9/21/02 2:54 PM, "Bodo Moeller"
<moeller(_at_)cdc(_dot_)informatik(_dot_)tu-darmstadt(_dot_)de>
wrote:
And assuming there *is* some point in doing self-signature updates
like this, whatever it may be, you should use signature expiration
time sub-packets, not key expiration sub-packets: it's just the
self-signatures that you want to expire, not the key. So there is no
conflict with the proposed workaround for the key expiration protocol
failure.
What I want is something of a dead-man's switch on my own key (and on other
people's -- Werner is correct in noting that this requires client work,
server work, and there are a lot of cool features you can load on this). If
someone stops using their key, then it expires after some reasonable time,
whether that reasonable time is measured in hours, days, or months.
On the flip side of this, let's imagine that I certify Alice's key. When I
certify it, I'm stating that I believe it belongs to her. If she has a
dead-woman's switch on her key, it doesn't change my statement. If I wanted
to limit the duration of my statement, that option was available to me. If
Alice permits her key to expire, I still believe it's her key! It may be
expired, but it's still her key. She could always un-expire it by putting a
new self-sig on it. If I don't like all of this, I always have the option of
revoking my signature, as well.
Jon