Revoking Old Lost Keys
Adam Shostack
adam at lighthouse.homeport.org
Sun Jan 7 14:11:37 PST 1996
I was thinking of two dates, an expire and a warn. Admittedly, adding
a few bytes to a key is not a big deal, but neither is the gain from a
warn and expire date. If you want to be able to set a bit for 'use
after expire,' I would see that as a reasonable thing.
Adam
Deranged Mutant wrote:
| Adam Shostack <adam at lighthouse.homeport.org> wrote:
|
| DM wrote:
|
| > | PGP should give a warning when the key passes the expiration date. It
| > | should not prevent you from using it, but should remind you that the
| > | key is rather old, and that the owner may have moved, etc.
| [..]
| > Expire should mean expire, i.e., no longer valid, useful or
| > useable. If you want to have a 'depreciated after' and an expire
| > date, that might be useful, but it seems more like feeping creaturitis
| > to me. It adds bulk to every key, when a better solution would be to
| > have keys automatically deprecitated some time before they are due to
| > expire.
|
| The reason I think a warning option is good (really, 1 bit bit flag
| for warn rather than kill... that's "bulk" to every key?) is so that
| if for whatever reason the key is used (say I am unable to get a
| newer key for you but really need to send you a private message) I
| have something to use... and you, if you choose to hold onto old
| keys, can decrypt it. If not, the sender was warned.
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
More information about the cypherpunks-legacy
mailing list