On Mon, Apr 27, 2015 at 4:29 PM, Werner Koch <wk(_at_)gnupg(_dot_)org> wrote:
FWIW: I have no real preference pro or contra a hard expiration time.
I have not seen anyone in favour of a hard expiration time explain
what it is designed to prevent / enable. I think the new standard
should have a real prejudice in favour of excluding anything unless
there is a clear justification. It could be that I've just missed
something, but I don't think that standard has been reached here yet.
What does a hard expiration time technically achieve that a soft
expiration time does not.
If the answer is encouraging the user to behave in a particular way,
that should be enforced / encouraged through other means. I see no
security advantage at all. As I say, I may be missing something.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp