On Apr 20, 2015, at 11:04 AM, Werner Koch <wk(_at_)gnupg(_dot_)org> wrote:
On Thu, 16 Apr 2015 02:39, calestyo(_at_)scientia(_dot_)net said:
That's why I think, that creation and expiration times should be
immutable once the key has been created; at least not without
invalidating all signatures (i.e. those from other users).
A hard expiration time vor a v5 key format was proposed by Florian
Weimer many years ago. IIRC, we even had consent that this should be
done by putting it into a v5 key packet.
I wouldn't go quite that far as "consent" if by that you mean "consensus."
There are many things that got punted into the future rather than argue now.
Personally, I think that the present way things are done is syntactically fine.
Semantically, there are many bogosities. You can time-limit your signature on a
key, but no one ever does. There are lots of reasons for that, I think, none of
them technical. They all are social.
Jon
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp