-----BEGIN PGP SIGNED MESSAGE-----
From: "David Shaw" <dshaw(_at_)jabberwocky(_dot_)com>
Whoah - I am not proposing that. My comments were in the context of
how a potential v5 key format could work (and as a side note on how
GnuPG handles a v3 key with a v4 selfsig). That's all. As I see it,
without an expiration date *in the key packet*, there is no true
"hard" expiration date. I agree with Jon's analysis.
OK... sorry about that. I agree that a new key format could address this
if anyone cared enough. (I don't. Revocation is good enough... which
leads me to wonder how PGP/GnuPG would treat a post-dated revocation,
but that's another unnecessary digression. :-)
GnuPG 1.0.6 is fairly old now.
It may be old in a CVS sense. There's a lot of it out there, though...
it's in the RedHat 7.2AS and 7.3 releases, for example. It was the
only official Windows build for a *long* time.
My point was not that GnuPG was wrong in any way, simply that some
widely installed versions wouldn't support the hard/soft distinction,
should we choose to make one now.
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3
-----END PGP SIGNATURE-----