Hi,
Nicholas Cole <nicholas(_dot_)cole(_at_)gmail(_dot_)com> writes:
On Mon, Apr 27, 2015 at 4:29 PM, Werner Koch <wk(_at_)gnupg(_dot_)org> wrote:
FWIW: I have no real preference pro or contra a hard expiration time.
I have not seen anyone in favour of a hard expiration time explain
what it is designed to prevent / enable. I think the new standard
should have a real prejudice in favour of excluding anything unless
there is a clear justification. It could be that I've just missed
something, but I don't think that standard has been reached here yet.
You have seen them. You've just ignored them.
It prevents someone who gains access to your private key the ability to
keep your public key going past your pre-selected expiration time.
Using soft expiration doesn't help in this case because the attacker has
access to your private key and could, as a result, issue additional
self-sigs with extended expirations.
What does a hard expiration time technically achieve that a soft
expiration time does not.
The above.
If you want to reuse your key material in a new key/certificate you can,
but it would be considered a completely "new key" so existing signatures
would be invalid. That's the goal.
If the answer is encouraging the user to behave in a particular way,
that should be enforced / encouraged through other means. I see no
security advantage at all. As I say, I may be missing something.
No, it has nothing to do with encouraging specific behavior. But if you
don't see a security advantage then you're either not looking or not
reading.
-derek, who should have paid more attention during the V4 key designs,
but was probably on PGP Hiatus at the time.
--
Derek Atkins 617-623-3745
derek(_at_)ihtfp(_dot_)com www.ihtfp.com
Computer and Internet Security Consultant
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp