Re: Key Eater Needed
Mike Ingle <MIKEINGLE@delphi.com> wrote:
There is no way to know now when a key was sent to a server, so it is hard to know when to delete it. One way would be to keep track of when new keys are sent or updated, and delete any key which has not been updated within a certain time, such as one year. All existing keys could be given six months to live. Those who wanted to keep their present keys could send them again, and others could create new ones.
The web of trust model does not lend itself easily to key expirations, because this requires you to frequently get people to re-sign your key, and to re-sign the keys of others. This creates the opportunity for the "here's my new key, and I haven't got it resigned yet" attack. There would have to be a fairly long overlap period between new and old keys, during which time the old key signed the new key. Expirations would complicate the system considerably.
How about people just keep their keys, and the signatures, but they re-sign their own keys every six months or so? In order to keep their keys on the keyserver, they must submit a PGP signed message to prove that they still have that key. If they don't, the key is assumed to be lost, and it is deleted.
Matthew J Ghio