Hal Finney suggests expiring old keys. The first thing we would need is a way to clear the keyservers of such dead keys. The keyservers are already up to 1.3 MB. Many of those keys must be long dead. In any case, the key servers cannot just accumulate keys forever.

There is no way to know now when a key was sent to a server, so it is hard to know when to delete it. One way would be to keep track of when new keys are sent or updated, and delete any key which has not been updated within a certain time, such as one year. All existing keys could be given six months to live. Those who wanted to keep their present keys could send them again, and others could create new ones.

The web of trust model does not lend itself easily to key expirations, because this requires you to frequently get people to re-sign your key, and to re-sign the keys of others. This creates the opportunity for the "here's my new key, and I haven't got it re-signed yet" attack. There would have to be a fairly long overlap period between new and old keys, during which time the old key signed the new key. Expirations would complicate the system considerably.

--- Mike
Hal Finney suggests expiring old keys. The first thing we would need is a way to clear the keyservers of such dead keys.
One way to expire keys is to simply declare that any old PGP key more than two years old is expired.
There is no way to know now when a key was sent to a server, so it is hard to know when to delete it.
You can use the date in the PGP key structure to timeout on.
The web of trust model does not lend itself easily to key expirations, because this requires you to frequently get people to re-sign your key, and to re-sign the keys of others. This creates the opportunity for the "here's my new key, and I haven't got it re-signed yet" attack.
Everyone should sign their new keys with their old ones.

Eric
One way to expire keys is to simply declare that any old PGP key more than two years old is expired.
No, this is a bad idea. Any arbitrary setting of expire time by the keyserver is a bad idea. It is the key owner that should set the timeout of the PGP key (there is an expiration time in the key certificate, but the current implementation sets it to zero and ignores the field). There are people that have longer or shorter keys, and it's possible that they might want longer or shorter expiration times.

I think that there are a few things that can and should be done. First, a revoked key should get all signatures removed from that key (and possibly any signatures that key made should disappear as well). Also, revoked keys should probably time out from the keyservers after some period of time.

-derek

Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
Home page: http://www.mit.edu:8001/people/warlord/home_page.html
warlord@MIT.EDU PP-ASEL N1NWH PGP key available
One way to expire keys is to simply declare that any old PGP key more than two years old is expired.
No, this is a bad idea. Any arbitrary setting of expire time by the keyserver is a bad idea.
The idea wasn't just the keyserver, but PGP itself. If we set the time to three years, the earliest that will be is September 1995. A future version of PGP can enforce this.

Eric
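
Added example, not part of any post in this thread and not PGP's or any keyserver's code: a Python sketch that reads the creation time and the validity-days field from an old-format v2/v3 public-key packet and applies the two policies discussed above, the owner-set expiration and a blanket age limit measured from the creation date. The function names, the sample packet and the rule that the owner's value takes precedence over the blanket limit are assumptions of this example.

```python
import struct
from datetime import datetime, timedelta, timezone

def parse_pubkey_times(packet: bytes):
    """Return (creation time, validity days) from an old-format v2/v3 public-key packet."""
    ctb = packet[0] if packet else 0
    if ctb & 0xC0 != 0x80 or (ctb >> 2) & 0x0F != 6:
        raise ValueError("not an old-format public-key packet (tag 6)")
    len_octets = {0: 1, 1: 2, 2: 4}.get(ctb & 0x03)
    if len_octets is None:
        raise ValueError("indeterminate-length packets are not handled here")
    body_len = int.from_bytes(packet[1:1 + len_octets], "big")
    body = packet[1 + len_octets:1 + len_octets + body_len]
    if len(body) != body_len or body_len < 8:
        raise ValueError("truncated packet")
    # version (1 octet), creation time (4), validity in days (2), algorithm (1)
    version, created, days, _algo = struct.unpack(">BIHB", body[:8])
    if version not in (2, 3):
        raise ValueError("validity-days field exists only in v2/v3 key packets")
    return datetime.fromtimestamp(created, timezone.utc), days

def key_status(packet, now, fallback_max_age_days=None):
    """Owner-set validity wins; the blanket age limit applies only when it is zero.
    That precedence is an assumption of this example, not something the thread settles."""
    created, days = parse_pubkey_times(packet)
    if days == 0 and fallback_max_age_days is None:
        return "valid"            # zero means "no expiration"
    limit = timedelta(days=days or fallback_max_age_days)
    return "expired" if now >= created + limit else "valid"

def make_sample_packet(created: datetime, days: int) -> bytes:
    """Constructed sample: real header layout, placeholder MPIs instead of a real RSA key."""
    body = struct.pack(">BIHB", 3, int(created.timestamp()), days, 1)
    body += b"\x00\x08\xff\x00\x05\x11"          # fake n and e
    return b"\x99" + len(body).to_bytes(2, "big") + body

if __name__ == "__main__":
    utc = timezone.utc
    born = datetime(1992, 9, 1, tzinfo=utc)      # constructed creation date
    for days, policy in [(0, None), (0, 3 * 365), (365, 3 * 365)]:
        pkt = make_sample_packet(born, days)
        print(days, policy, key_status(pkt, datetime(1995, 10, 1, tzinfo=utc), policy))
```
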
Participants (3): Derek Atkins, hughes@ah.com, Mike Ingle