On Fri, 05 Jan 1996 23:07:19 -0800, Bruce Baugh <bruceab@teleport.com> wrote:
I'd like to bring up a problem I haven't seen addressed much yet, and which I think is going to come up with increasing frequency as PGP use spreads.
The problem is this: how can one spread the word that an old key is no longer to be used when one no longer has the pass phrase, and cannot therefore create a revocation certificate?
[..] Keys should have built-in expiration dates (adjustable by the user manually the way one would change their user-id, passphrase, etc.) PGP should give a warning when the key passes the expiration date. It should not prevent you from using it, but should remind you that the key is rather old, and that the owner may have moved, etc. Users who want to extend the life of their keys should send special certificates (at least once a year or every other year?) that tell keyservers and those with copies of their public keys that the key is still being used, and to update the expiration time. Comments? --Rob