-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Bodo Moeller wrote:
Of course the one problem we cannot avoid is that the legitimate owner
of the key cannot keep the key alive indefinitely. This is because
this "problem" is exactly the security feature that me and Florian
Weimer and Derek Atkins want to have: we don't want the bad guy to be
able to unexpire the key if he gets hold of the secret key.
so set key expiration in direct key signature. there can be only
one direct key signature. direct key signature is self signature (5.2.3.3)
so key expiration can be set in it. (though most PGP implementations may
not recognize key expiration in direct key signature....)
5.2.3.6. Key expiration time
(4 octet time field)
The validity period of the key. This is the number of seconds after
the key creation time that the key expires. If this is not present
or has a value of zero, the key never expires. This is found only on
^^^^^^^^^^^^^
a self-signature.
^^^^^^^^^^^^^^^^
5.2.3.3. Notes on Self-Signatures
A self-signature is a binding signature made by the key the
signature refers to. There are three types of self-signatures, the
certification signatures (types 0x10-0x13), the direct-key signature
^^^^^^^^^^^^^^^^^^^^^^^^
(type 0x1f), and the subkey binding signature (type 0x18).
__
Disastry http://disastry.dhs.org/
http://disastry.dhs.org/pgp
^----PGP 2.6.3ia-multi06 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes)
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1
iQA/AwUBPZBxrDBaTVEuJQxkEQPdiwCgsuV/1HKjEyJLLFe7QFGWNfg205sAoJyi
0yuLte8T0wJyyBPh3A+g62dr
=BtSp
-----END PGP SIGNATURE-----