On Tue, Dec 11, 2001 at 09:52:23AM +0000, Andrew Suffield wrote:
> On Mon, Dec 10, 2001 at 07:11:27PM -0600, Steve Langasek wrote:
> > On Mon, Dec 10, 2001 at 02:56:31PM -0800, martin f krafft wrote:
> > > uhm, why not just change the expiration date? from what i understand,
> > > the expiration is only applicable to a public key, the private key can
> > > be changed in terms of expiration... or am i wrong?
> > >
> > > actually, your signing key can be changed in terms of expiration, your
> > > encrypting key will expire, but that one is independent of
> > > signatures...
> >
> > In short: he tried that, and it didn't stick when he uploaded it to the
> > keyservers. <shrug>
>
> Which is presumably because the key he self-signed with had
> expired. Allowing an expired key to have its expiry date pushed
> forward so that it is no longer expired would seem to defeat the point
> of having an expiry date to me...

Counter-intuitive, but programmatically equivalent. Suppose I set my
system clock back before the original expiration date of my key, I sign
it with a different expiration date farther in the future, and I
distribute the key with the new signature. How can a recipient tell that
I didn't /really/ re-sign the key on the date I claim I did?

You can never second-guess the data in the self-signature. There simply
isn't an objective reference point to compare it against.

Steve Langasek
postmodern programmer