Revoking Old Lost Keys

Adam Shostack adam at lighthouse.homeport.org
Sun Jan 7 10:36:11 PST 1996


Mutatis Mutantdis wrote:

| PGP should give a warning when the key passes the expiration date. It
| should not prevent you from using it, but should remind you that the
| key is rather old, and that the owner may have moved, etc.
| 
| Users who want to extend the life of their keys should send special
| certificates (at least once a year or every other year?) that tell
| keyservers and those with copies of their public keys that the key is
| still being used, and to update the expiration time.

	Expire should mean expire, i.e., no longer valid, useful or
useable.  If you want to have a 'depreciated after' and an expire
date, that might be useful, but it seems more like feeping creaturitis
to me.  It adds bulk to every key, when a better solution would be to
have keys automatically deprecitated some time before they are due to
expire.

	Also, the ability to extend the life of a key is fraught with
danger.  The longer a key is around, the more likely it is to become
comprimised.  The user might not be aware that the key is comprimised.
Better to have an unchangeable date.  (On a more technical level,
allowing users to change the expiry date on a key means that the key's
expiry date is not signed by the signatories, and an opponent who
comprimised a key could simply change the expiry date on that key and
send it to the servers, so that it would continue to be used, and your
opponent could continue to read all your communications.)

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







More information about the cypherpunks-legacy mailing list