ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] rfc3880bis - hard expiration time

2015-04-27 09:28:39
from [Christoph Anton Mitterer] [Permanent Link] 
On Mon, 2015-04-27 at 10:18 -0400, Derek Atkins wrote: 

But then it also means Alice would *have* to generate a
new key after the old key expired.  (Or, worst case, Alice would have to
regenerate a new Certificate using the same key parameters and then
obtain all those signatures again).

Just to point that out once more:
The later here is actually the feature of the whole idea.


And in just in order to calm down (once more) all the opponents of a
hard coded expiration time:
- having a hardcoded expiration time, does NOT mean, that people have to
  use it
  One could still let people choose during key creation what they
  want... one could even "hide" such feature behind something like
  gnupg's --export

- even though it's IMHO rather useless, one could still allow for "soft"
  expiration times, although - as mentioned previously - I'd rather do
  that simply via the expiration time of the self sigs

So nothing of the current functionality is lost.


Cheers,
Chris.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] Fingerprints, Derek Atkins
Next by Date:  Re: [openpgp] rfc3880bis - hard expiration time, Derek Atkins
Previous by Thread:  Re: [openpgp] rfc3880bis - hard expiration time, Derek Atkins
Next by Thread:  Re: [openpgp] rfc3880bis - hard expiration time, Jon Callas
Indexes:  [Date] [Thread] [Top] [All Lists]