On Apr 21, 2015, at 4:50 AM, Christoph Anton Mitterer
<calestyo(_at_)scientia(_dot_)net> wrote:
* PGP - S/MIME Signed: 04/21/2015 at 04:50:25 AM
On Mon, 2015-04-20 at 23:50 -0700, Jon Callas wrote:
Personally, I think that the present way things are done is
syntactically fine. Semantically, there are many bogosities. You can
time-limit your signature on a key, but no one ever does.
As I've explained before, I don't think that this is the same as
hardcoding it into the key, as it wouldn't change the fingerprint, would
it?!
I read your explanation. I understand it. I just disagree.
I think that hard-expiration is not only a bad idea, but unenforceable.
It's a *good* thing for Alice to be able to update the expiration time on her
key. It encourages putting a limit on (as opposed to no limit) if it can be
changed later. It also allows advanced systems to be able to do some really
cool things with short lived keys.
And you probably can't prevent it anyway. X.509 syntax people have kittens if
you reuse a key in certs. And yet a major feature of many PKI systems is to
"reissue" a cert with a new expiration time, because it makes operations much
easier for everyone.
Jon
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp